Date: Fri, 11 Feb 2005 06:59:38 -0800
From: Astrodog <astrodog@gmail.com>
To: cokane@cokane.org
Cc: freebsd-amd64@freebsd.org
Subject: Re: FreeBSD x86 vs x86-64 Questions about Security
Message-ID: <2fd864e050211065931e2f425@mail.gmail.com>
In-Reply-To: <346a8022050211063022cb57e2@mail.gmail.com>
References: <420C649D.8070502@oranged.to> <346a8022050211063022cb57e2@mail.gmail.com>
On Fri, 11 Feb 2005 09:30:34 -0500, Coleman Kane <zombyfork@gmail.com> wrote:
> Hi Jimmy.
>
> On Fri, 11 Feb 2005 07:54:05 +0000, Jimmy <freebsd@oranged.to> wrote:
> > Hello,
> >
> > I am interested to know several questions..
> >
> > - Currently I am using FreeBSD x86-64 I have compiled the majority of my
> > applications up using the right compiler flags to support the 64bit OS.
> > Is there any way within the Operating system that I can turn off 32bit
> > support?
>
> You should be able to remove COMPAT_IA32 from your kernel config.
>
> > - Are applications that have been compiled for the amd-64 platform still
> > vulnerable to x86 style attacks because of the backwards compatibility
> > mode? (eg remote buffer overflows in say.. openssh?).
>
> AMD64 has a per-page NX (non-executable) bit, I however am not aware
> if FreeBSD uses this in the code pages.
>
> --coleman
>
> > Thanks
> >
> > J
> > _______________________________________________
> > freebsd-amd64@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-amd64
> > To unsubscribe, send any mail to "freebsd-amd64-unsubscribe@freebsd.org"

I think that FreeBSD-AMD64 will not be affected directly, in that
shellcode written for i386 won't work anymore. However, the security
flaw would still exist, so there's still a threat, it's just one
script-kiddies won't catch. The i386 compat layer won't allow
vulnerable i386 shellcode to run from within an AMD64 application,
since the ELF detection that makes COMPAT_IA32 work wouldn't kick in.
i386-compiled applications could still, theoretically, be exploited
with i386 shellcode though. However, AMD64 applications would not
execute the shellcode, or, rather, wouldn't actually be able to,
they'd just crash.

--- Harrison Grundy
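
An added example, not part of the original message or of FreeBSD's source: a userland check of the ELF header fields (class and machine) that separate i386 binaries from amd64 ones, useful for finding the programs that would stop running once COMPAT_IA32 is removed from the kernel config. The function names and the two sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF identification constants, taken from the ELF specification. */
enum { EI_CLASS = 4, EI_DATA = 5, ELFCLASS32 = 1, ELFCLASS64 = 2,
       ELFDATA2LSB = 1, EM_386 = 3, EM_X86_64 = 62 };

typedef enum { BIN_NOT_ELF, BIN_I386, BIN_AMD64, BIN_OTHER } bin_kind;

/* Classify a buffer holding the first bytes of a file (hypothetical helper). */
bin_kind classify_elf(const unsigned char *h, size_t len)
{
    if (len < 20 || memcmp(h, "\177ELF", 4) != 0)
        return BIN_NOT_ELF;          /* too short, or wrong magic */
    if (h[EI_DATA] != ELFDATA2LSB)
        return BIN_OTHER;            /* x86 images are little-endian */
    /* e_machine is a 16-bit little-endian field at offset 18. */
    uint16_t machine = (uint16_t)(h[18] | (h[19] << 8));
    if (h[EI_CLASS] == ELFCLASS32 && machine == EM_386)
        return BIN_I386;             /* would need the 32-bit compat layer */
    if (h[EI_CLASS] == ELFCLASS64 && machine == EM_X86_64)
        return BIN_AMD64;
    return BIN_OTHER;
}

/* Classify a file on disk; unreadable files are reported as BIN_NOT_ELF. */
bin_kind classify_file(const char *path)
{
    unsigned char h[20];
    FILE *f = fopen(path, "rb");
    if (!f)
        return BIN_NOT_ELF;
    size_t n = fread(h, 1, sizeof h, f);
    fclose(f);
    return classify_elf(h, n);
}

/* Constructed sample headers: first 20 bytes of an i386 and an amd64 image. */
const unsigned char sample_i386[20]  = { 0x7f,'E','L','F', 1,1,1,0, 0,0,0,0,0,0,0,0, 2,0, 3,0 };
const unsigned char sample_amd64[20] = { 0x7f,'E','L','F', 2,1,1,9, 0,0,0,0,0,0,0,0, 2,0, 62,0 };

int main(int argc, char **argv)
{
    static const char *name[] = { "not-elf", "i386", "amd64", "other-elf" };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], name[classify_file(argv[i])]);
    return 0;
}
```

Run it over the paths of installed binaries; every file reported as i386 depends on 32-bit support in the kernel.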