Re: the "Turing Attack" (was: Sabotaged PaXtest)

[H. Peter Anvin]

Followup to:  <20050208164815.GA9903@xxxxxxx>
By author:    Ingo Molnar <mingo@xxxxxxx>
In newsgroup: linux.dev.kernel
> 
> This, on the face of it, seems like a ridiculous possibility as the
> chances of that are reverse proportional to the number of bits necessary
> to implement the simplest Turing Machine. (which for anything even
> closely usable are on the order of 2^10000, less likely than the
> likelyhood of us all living to the end of the Universe.)
> 

2^10000?  Not even close.  You can build a fully Turing-complete
interpreter in a few tens of bytes (a few hundred bits) on most
architectures, and you have to consider ALL bit combinations that can
form an accidental Turing machine.

What is far less clear is whether or not you can use that accidental
Turing machine to do real damage.  After all, it's not computation (in
the strict sense) that causes security violations, it's I/O.  Thus,
the severity of the problem depends on which I/O primitives the
accidental Turing machine happens to embody.  Note that writing to the
memory of the host process is considered I/O for this purpose.

	-hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/