C considered harmful: was Debian attacker may have used new exploit

Dynamic code generation (program writes code then jumps to it) sounds like a really useful facility for virus writers, trojan horses and worms. In what circumstance is it necessary to have that capability? Isn't it much safer to have a rigid demarcation between code generation and code execution? Then the operating system can do run-time checks on the thing it's about to execute.

Peter

On Thu, Dec 04, 2003 at 06:46:40PM -0500, Henry Spencer wrote:
But it's not clear to me that this really improves things much. If you can overwrite control information, e.g. a function return address -- which is generally needed to *exploit* an executable stack or heap -- then you can always look around for places where you could branch to existing code that happens to do what you want. (For example, functions which do dynamic code generation will have a strong tendency to end with the sequence "tell the system to make the heap region pointed to by register X executable; return".)
Henry Spencer henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
-- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
--
Peter D. Hiscocks
Department of Electrical and Computer Engineering
Ryerson University, 350 Victoria Street, Toronto, Ontario, M5B 2K3, Canada
Phone: (416) 979-5000 Ext 6109
Fax: (416) 979-5280
Email: phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org
URL: http://www.ee.ryerson.ca/~phiscock
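The demarcation between writable and executable memory discussed in this thread can be audited on Linux from a process's `/proc/<pid>/maps` listing. The following is an added example, not code from either poster: the function names and the sample listing are constructed for illustration, and it flags regions that are writable and executable at the same time while leaving a sealed (`r-x`) generated-code region alone.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; not from a real process.
 * The anonymous r-xp region stands for generated code that was sealed
 * (made non-writable) before being run. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "00e03000-00e24000 rwxp 00000000 00:00 0 [heap]\n"
    "7f2c4a000000-7f2c4a021000 rwxp 00000000 00:00 0\n"
    "7f2c4c1d2000-7f2c4c1d3000 r-xp 00000000 00:00 0\n"
    "7ffd1b2e0000-7ffd1b301000 rw-p 00000000 00:00 0 [stack]\n";

/* Return 1 if one maps line describes a region that is writable and
 * executable at the same time (permission field "?wx?"), else 0. */
static int is_wx_line(const char *line)
{
    char perms[5];
    if (sscanf(line, "%*lx-%*lx %4s", perms) != 1 || strlen(perms) != 4)
        return 0;                       /* not a mapping line */
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count writable+executable regions in a maps listing held in memory. */
static int count_wx_text(const char *text)
{
    char line[4352];                    /* room for a PATH_MAX-long path */
    int hits = 0;
    while (*text) {
        size_t n = strcspn(text, "\n");
        if (n < sizeof line) {          /* overlong lines are skipped */
            memcpy(line, text, n);
            line[n] = '\0';
            hits += is_wx_line(line);
        }
        text += n + (text[n] == '\n');
    }
    return hits;
}

int main(void)
{
    printf("sample: %d writable+executable region(s)\n",
           count_wx_text(SAMPLE_MAPS));
    return 0;
}
```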