Fog Creek Software
Discussion Board




Windows XP SP2 Will Break Your Apps. Part Deux.

http://www.computerworld.com/softwaretopics/os/windows/story/0,10801,90849,00.html

Joe
Friday, March 5, 2004

Damned if you do, damned if you don't...

Nate Silva
Friday, March 5, 2004

What's "part deux" about this? It's the same story they've been saying all along. Am I missing something?

pdq
Friday, March 5, 2004

You're exactly right, Nate -- Microsoft put security as a far and away secondary priority for years, and now they're facing huge market pressure. In finally, belatedly, reacting, they're finding that some of their prior practices were overly liberal, breaking some partner apps. They _are_ damned if they do and damned if they don't, and it's a house of cards that they made for themselves.

.
Friday, March 5, 2004

[[Another product that Microsoft needs to update is its .Net Framework. The new memory protection features in SP2 require developers of certain applications to mark their code with memory execution permissions. If they don't, the protection features could interfere with the applications, according to Microsoft.

"The great bulk of applications will not be affected by memory protection. The No. 1 that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one," Goodhew said.
]]

Doesn't that quote mean that the .Net framework is one thing Microsoft WON'T need to update? Or am I misunderstanding the 2 paragraphs?

Chris Ormerod
Saturday, March 6, 2004

Causes problems with just-in-time code generation?  Well, that might be handy in stopping mutating viruses, but it's also a nice way to mangle things like a Java JIT compiler or most of the anti-cracking software shells.  I think this is both a good thing and a bad thing.

Aaron F Stanton
Saturday, March 6, 2004

One of the protections is that areas of memory must be specifically marked as executable or not. This prevents the majority of buffer overflows, since the heap is generally not executable.

However, for JIT-like tasks, where you build code in-memory and then execute it, you're going to have to do the extra step to mark the area you just created as executable.

Interpreted languages: Parse grammar into a tree and traverse it. No executable heap there, so no changes needed for SP2.

JIT languages: Compile code and save results in-memory then execute in-memory. Changes needed.

Compiled languages: No changes needed.

So yes, this will break some Java VMs. The fix should be easy though.

Richard P
Sunday, March 7, 2004

I'm pretty sure the Microsoft JITter marks its target memory as executable though. :-)

Frederik Slijkerman
Sunday, March 7, 2004

"One of the protections is that areas of memory must be specifically marked as executable or not. This prevents the majority of buffer overflows, since the heap is generally not executable."

This is the best feature in XP SP2, and unfortunately, is only available on supported CPUs (namely, the 64-bit Athlon and Opteron CPUs from AMD).

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, March 7, 2004

"I'm pretty sure the Microsoft JITter marks its target memory as executable though."

Well, I'm sure they will be once XP SP2 is out. :)

The way things sit right now, it's clearly far more convenient to just allocate a chunk of RAM, write to it, then execute it. Playing by the rules means ensuring that all your newly JITted code lives on memory pages separate from data, and after it's been written to, those pages need to be flipped from read/write to read/execute (and, no, there's no read/write/execute).

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, March 7, 2004
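The sequence described in the post above (allocate a data page, write the generated code, then flip it from read/write to read/execute), as an added example that is not code from this thread or from Microsoft. It uses the POSIX calls mmap and mprotect on Linux, where on Windows the corresponding calls are VirtualAlloc and VirtualProtect, and it goes one step further by also running the unflipped case in a child process to show what no-execute enforcement does to a JIT that skips the step. The code bytes and the names emit_and_call and run_generated are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample of "JIT output": machine code for a function returning 42. */
#if defined(__x86_64__)
static const unsigned char code[] = {0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3}; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char code[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6}; /* mov w0,#42; ret */
#else
#error "sample bytes are provided for x86-64 and AArch64 only"
#endif

typedef int (*jit_fn)(void);

/* Hypothetical helper: allocate read/write, emit, optionally flip, then call. */
static int emit_and_call(int flip)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);  /* data page, not executable */
    if (page == MAP_FAILED) return 1;
    memcpy(page, code, sizeof code);                         /* emit while writable */
    if (flip && mprotect(page, len, PROT_READ | PROT_EXEC) != 0)
        return 1;                                            /* read/write -> read/execute */
    __builtin___clear_cache((char *)page, (char *)page + sizeof code);
    return ((jit_fn)page)();                                 /* faults here if not flipped */
}

/* Runs emit_and_call() in a child so a fault cannot take down the caller.
   Returns the child's exit status (42 on success), -signal if the child was
   killed, or -1000 if fork/waitpid failed. */
int run_generated(int flip)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) _exit(emit_and_call(flip));
    if (waitpid(pid, &status, 0) < 0) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void)
{
    printf("flipped: %d, left read/write: %d\n", run_generated(1), run_generated(0));
    return 0;
}
```

With no-execute enforcement active, the unflipped run is terminated by a memory-protection fault (SIGSEGV on Linux), so `run_generated(0)` comes back negative.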

"This is the best feature in XP SP2, and unfortunately, is only available on supported CPUs (namely, the 64-bit Athlon and Opteron CPUs from AMD)."

Intel x86 architecture is vulnerable to a lot of things that other chip architectures are not.  Far easier to have buffer overruns on x86 than about anything else.  This plagues MS quite a bit, although Linux or anything else on x86 starts out with the same problems.

I think AMD is going to take the baton from Intel as the "NAME" in commodity computer chips for the next decade.  Intel thought they could ram Itanic at us because they are Intel, so whatever they crap out is gold.  The market showed them how stupid and full of hubris they were.

Mike
Sunday, March 7, 2004
