Buffer Overflow Protection
The last and maybe most important point to note about descriptors is how they affect the complementary notions of system security and program correctness. One of the best tools a hacker has to compromise operating systems of today is the buffer overflow. This is particularly easily done in C and with a little more effort in assemblers. C, in particular, uses the most primitive and error-prone way to mark the end of strings, using a null byte as an end-of-string sentinel in the data stream itself.
Pointers are implemented on the B5000 by indexed descriptors. During indexing operations, pointers are checked at each increment to make sure that neither the source nor the destination blocks are out of bound. During a scan or replace operation, the mechanisms used to read or copy large blocks of memory, both source and destination are checked at each word increment for a valid memory tag. Each memory segment is bounded by tag 3 words, which would make such an operation fail. Each memory segment containing integrity sensitive data, such as program code, is stored in tag 3 words, making an uncontrolled read – let alone modification – impossible. Thus a significant source of program errors can be detected early before software goes into production, and a more significant class of attacks on system security is not possible.
Read more about this topic: Burroughs Large Systems Descriptors
Famous quotes containing the words overflow and/or protection:
“A man’s interest in the world is only the overflow from his interest in himself. When you are a child your vessel is not yet full; so you care for nothing but your own affairs. When you grow up, your vessel overflows; and you are a politician, a philosopher, or an explorer and adventurer. In old age the vessel dries up: there is no overflow: you are a child again.”
—George Bernard Shaw (1856–1950)
“A man with convictions finds an answer for everything. Convictions are the best form of protection against the living truth.”
—Max Frisch (1911–1991)