Date: Tue, 27 Feb 2024 09:24:13 -0800
https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/
Memory safety concerns seem focused on the undefined behavior of
pointers on buffer overruns and out-of-bounds memory accesses. However,
not all memory is equally unsafe. Unintended access to memory that
contains a password or an exec() command is much more valuable to
hackers. Hacking of passwords is of particular concern for financial
systems.
C/C++ programs use stack, heap or static memory to hold data. Any of
these can be overrun. I am experimenting with code to add a fourth
category, page memory. That is, allocation creates a memory region that
cannot be overrun into or out of because it is an isolated protected
page in memory. The default behavior for an overrun is a segfault.
Is this a good or bad idea? Been done before? Thoughts?
Robin Rowe
Beverly Hills, California
*Chairman ISO WG21 SG14 C++ Banking and Financial Systems Subcommittee
Received on 2024-02-27 23:20:21
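
The isolated-page allocation described in the message can be sketched with POSIX `mmap`/`mprotect`. This is an added example, not the poster's code; the names `page_buf`, `page_alloc`, `page_free` and `probe_faults` are hypothetical, and a POSIX system is assumed.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* page_buf, page_alloc, page_free, probe_faults are hypothetical names. */
typedef struct { void *base; size_t map_len; unsigned char *data; } page_buf;

/* Map guard | data pages | guard as PROT_NONE, then open only the data pages. */
static int page_alloc(page_buf *b, size_t size) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || size > SIZE_MAX - 3 * pg) return -1;
    size_t data_len = (size + pg - 1) / pg * pg;
    b->map_len = data_len + 2 * pg;
    b->base = mmap(NULL, b->map_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->base == MAP_FAILED) return -1;
    unsigned char *lo = (unsigned char *)b->base + pg;
    if (mprotect(lo, data_len, PROT_READ | PROT_WRITE) != 0) { munmap(b->base, b->map_len); return -1; }
    /* Right-align: the byte after the buffer is the trailing guard page.
       Slack before the buffer (size not a page multiple) is NOT guarded. */
    b->data = lo + (data_len - size);
    return 0;
}

static void page_free(page_buf *b) { munmap(b->base, b->map_len); }

/* Write one byte at data[off] in a child; 1 = child died on a memory fault. */
static int probe_faults(size_t size, ptrdiff_t off) {
    page_buf b;
    if (page_alloc(&b, size) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        *(volatile unsigned char *)(b.data + off) = 'X';
        _exit(0); /* reached only when the write was allowed */
    }
    int st = 0;
    if (pid > 0) waitpid(pid, &st, 0);
    page_free(&b);
    if (pid < 0) return -1;
    return WIFSIGNALED(st) && (WTERMSIG(st) == SIGSEGV || WTERMSIG(st) == SIGBUS);
}

int main(void) {
    printf("overrun=%d in-bounds=%d\n", probe_faults(32, 32), probe_faults(32, 0));
    return 0;
}
```

Every allocation consumes at least three pages of address space, so this suits a handful of secrets rather than general-purpose allocation.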