|
In computer security, executable space protection is the marking of memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit. The Burroughs 5000 offered hardware support for executable space protection when it was introduced in 1961; that capability was retained in its successors at least through 2006. In its implementation of tagged architecture, each word of memory had an associated, hidden tag bit designating it code or data. Thus, user programs cannot write or even read a program word, and data words cannot be executed. If an operating system can mark some or all writable regions of memory as non-executable, it may be able to prevent the stack and heap memory areas from being executable. This helps to prevent certain buffer overflow exploits from succeeding, particularly those that inject and execute code, such as the Sasser and Blaster worms. These attacks rely on some part of memory, usually the stack, being both writable and executable; if it is not, the attack fails. ==OS implementations== Many operating systems implement or have an available executable space protection policy. Here is a list of such systems in alphabetical order, each with technologies ordered from newest to oldest. For some technologies, there is a summary which gives the major features each technology supports. The summary is structured as below. * Hardware Supported Processors: (Comma separated list of CPU architectures) * Emulation: (No) or (Architecture Independent) or (Comma separated list of CPU architectures) * Other Supported: (None) or (Comma separated list of CPU architectures) * Standard Distribution: (No) or (Yes) or (Comma separated list of distributions or versions which support the technology) * Release Date: (Date of first release) A technology supplying Architecture Independent emulation will be functional on all processors which aren't hardware supported. The "Other Supported" line is for processors which allow some grey-area method, where an explicit NX bit doesn't exist yet hardware allows one to be emulated in some way. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「executable space protection」の詳細全文を読む スポンサード リンク
|