>> "Part of security exploitation is being able to crash a system reliably."
>>
>> Wow. "Crash a system reliably." Now *there* is a concept! :-D

One of the bugs is a branching instruction that may, or may not
jump to the intended address +1.  For the moment it's being
worked around in the compilers by putting a few NOP's at
spots that require such branching. Since there may be such
sets of NOP's in the code, a hacker might replace the NOP's
with a jump code of their own in order to execute their virus
code, then jump back to continue execution of the original
program. However, because of the bug itself, the hackers
jump instruction would fail with an invalid instruction quite
often, making this not really a security issue now, the security
issue will arise when the bug is fixed in hardware, but old
code still has the NOP's.  I don't see the security aspect of
this being a big deal, if a hacker already can modify the code
then they'll be able to take over a thread anyways elsewhere.
The bigger deal is that if a compiler uses this instruction it'll be
3 times slower than intended because of the workaround.

Post a reply to this message