flat assembler
Message board for the users of flat assembler.

Index > OS Construction > why use another stack when calling higher ring

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
using x51 I used this to make multitask
Code:
push acc
push b
push...
Mov a,sp
Mov sp,x1
Mov x1,x2
...
Mov xn,a
pop ...
pop b
pop acc
ret
    

but why not it in x86?
Maybe I wrongly understand
Post 20 Feb 2015, 01:20
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
The x86 has one stack register per ring. The hardware enforces this.

This has the advantage of not destroying the user level stack. And it doesn't leak system information into a lower privileged task. Any OS that wants to support task isolation will require such a feature.
Post 20 Feb 2015, 01:36
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
The x86 has one stack register per ring. The hardware enforces this.

This has the advantage of not destroying the user level stack. And it doesn't leak system information into a lower privileged task. Any OS that wants to support task isolation will require such a feature.
But why not by software ? If so how to get the esp before
Post 20 Feb 2015, 02:35
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
You can't rely on user software to properly setup system stacks for each call. It wouldn't be secure, it wouldn't be reliable and malware writers would be very happy.
Post 20 Feb 2015, 02:43
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
You can't rely on user software to properly setup system stacks for each call. It wouldn't be secure, it wouldn't be reliable and malware writers would be very happy.
but won't it be only the registers which will be easily got there?
p.s. acc=a
Post 20 Feb 2015, 05:28
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Stacks are used for many things, not only registers. And even registers can hold sensitive information. Why risk problems when the hardware solves it for free?
Post 20 Feb 2015, 05:35
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
Stacks are used for many things, not only registers. And even registers can hold sensitive information. Why risk problems when the hardware solves it for free?
Why are you so serious about the only two bytes
Post 20 Feb 2015, 07:01
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Why are you so flippant about data insecurity? Wink

What if RAX contains the first 8 characters of your password, are you happy to place it on the stack for any process to examine as they wish?
Post 20 Feb 2015, 07:05
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
Why are you so flippant about data insecurity? Wink

What if RAX contains the first 8 characters of your password, are you happy to place it on the stack for any process to examine as they wish?
So even if you let them seprated i can still use "PUSH RAX" to get it right?
Post 20 Feb 2015, 11:00
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
A user process can't access the system stacks or other user process stacks. So a normal app can't see data from other apps. i.e. your spreadsheet program can't see your email password. And your email program can't see your spreadsheet tax data.
Post 20 Feb 2015, 11:32
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
A user process can't access the system stacks or other user process stacks. So a normal app can't see data from other apps. i.e. your spreadsheet program can't see your email password. And your email program can't see your spreadsheet tax data.
that needn't higher ring stack
Post 20 Feb 2015, 11:42
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
If the system used the user stack then the user process could watch the stack and see information left on the stack by the system interrupts. You could watch for the keyboard interrupts and probably make a keylogger quite easily.
Post 20 Feb 2015, 12:48
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
If the system used the user stack then the user process could watch the stack and see information left on the stack by the system interrupts. You could watch for the keyboard interrupts and probably make a keylogger quite easily.
If user input into your process why do you still use these way? If not how do you get it from your own stack?
Post 20 Feb 2015, 12:53
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
In a protected OS a user process cannot read the keyboard directly. This is by design. The process would call the OS to ask if any keys are available, or to ask to wait until a key is pressed, or whatever. But never directly trap interrupts unless it was the system keyboard driver.

If you use DOS then forget about having secure app separation. Everything just does whatever it wants; and that includes crashing the whole system, spying on the user, exfiltrating data to a port, etc.
Post 20 Feb 2015, 12:57
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
In a protected OS a user process cannot read the keyboard directly. This is by design. The process would call the OS to ask if any keys are available, or to ask to wait until a key is pressed, or whatever. But never directly trap interrupts unless it was the system keyboard driver.

If you use DOS then forget about having secure app separation. Everything just does whatever it wants; and that includes crashing the whole system, spying on the user, exfiltrating data to a port, etc.

Use the 1st floor to make an example(Of course, don't try to get @x0 directly, for x51 has no <segment>), will you?
Post 20 Feb 2015, 12:59
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
An example of what?
Post 20 Feb 2015, 14:23
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
An example of what?
of stealing other process' data
Post 20 Feb 2015, 15:01
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
In DOS it is easy, just scan the memory. Or watch the stack.

In a protected mode OS I can't give an example because if it is done correctly you can't see another processes data. That is the whole point; to not leak data.
Post 20 Feb 2015, 15:07
View user's profile Send private message Visit poster's website Reply with quote
l4m2



Joined: 15 Jan 2015
Posts: 657
l4m2
revolution wrote:
In DOS it is easy, just scan the memory. Or watch the stack.

In a protected mode OS I can't give an example because if it is done correctly you can't see another processes data. That is the whole point; to not leak data.
So i asked u to write it in near human's language
Post 20 Feb 2015, 15:52
View user's profile Send private message Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
l4m2,

CPL, DPL, RPL and paging. Do you need more of human language? Wink
Post 20 Feb 2015, 20:40
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.