[LINK] Microsoft explains how the ANI bug got baked into Vista

Glen Turner gdt at gdt.id.au
Mon Apr 30 21:33:14 AEST 2007


Chris Maltby wrote:
> What Adrian is saying is that all modern systems have sufficient
> hardware to implement secure OS environments - but developers often cut
> corners on security to achieve other goals (typically performance).

Look how long it took for Intel to add hardware so stack pages could be
marked as not executable -- a feature only in the mass market with the
recent Core 2 chips.

The problem isn't that microprocessors don't implement the same features
as mainframe processors; they pretty much do for the register-based
mainframe architectures (eg, IBM but not Burroughs). It's that microprocessors
face a new set of risks and it's no longer possible to just follow the
taillights of previous mainframe designs.

For example, some helper instructions to allow programs to cheaply set
up sandboxes for p-code would help Java run a lot faster.

> I doubt if an animated cursor description is ever interpreted by the OS
> kernel even in Windows, but it probably is interpreted by components of
> the display manager and that is privileged because it needs to take
> advantage of display performance enhancements which the OS provides only
> to privileged tasks.

The reverse isn't much better either. Linux runs the display in user
space but this means exporting a lot of control over the PCI/AGP bus. So
anything that subverts the graphics driver can DoS the computer's PCI-like
buses.

> In fact, it's probably easier to launch your attacks against privileged
> non-kernel tasks

Or even non-privileged tasks. Often the goal of penetrating the system
is simply to generate network traffic or to send spam e-mail and you
don't need much access to do either of those.

-- 
 Glen Turner
