Bill Davidsen said:
And most x86 operating systems have CS and DS refer to the same
physical memory. Because if you don't you need segment prefixes on
data fetches, in pointers, etc. Which kills performance.
I'll tell you this once, and I'll repeat it as many times as you like. You
didn't need segment prefixes in most cases. All instruction accesses
defaulted to using CS. All data segment accesses defaulted to using DS.
String copy defaulted to DS (source) and ES (destination). Stack accesses
defaulted to the SS segment register. Once they were put into the segment
register, it meant all of their privilege checks were already performed, and
they no longer needed to be checked again. Even on the occasional time that
you'd want to use segment override prefixes, you'd be using the two extra
segment registers like FS and GS, and even those would be cached in a register
with all of their privilege checks already performed.
Yes, most x86 operating systems defaulted to making the CS and DS refer to
the same locations in memory, and that's precisely what I am criticising --
they shouldn't have ever done that. Pointing them to separate physical
locations is what they should've been doing all along. Let's face it, there
is very little reason to read or write data into instruction sections of
memory, and there is very little reason to read instructions from data
sections of memory, so putting them into separate segments would've been
just ideal.
However, I will agree that the exploit where they know the specific location
in memory where a system function call exists, and cleverly overwrite the
return address in the stack segment to point to that address, wouldn't have
been preventable by a non-executable stack of any kind.
Yousuf Khan
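As an added illustration, not part of either poster's text, the following Python model captures the three points made above: each access class has a default segment register (CS for fetches, DS for data and string source, ES for string destination, SS for the stack), privilege and type checks are performed once when a selector is loaded rather than on every access, and a layout with separate CS/DS/SS descriptors stops data writes from landing on code and fetches from landing on data, while a stack-based return-address overwrite pointing at an existing function still succeeds under both layouts. The selector values (0x08/0x10/0x18), the 4 KiB region layout and the "system function" offset 0x400 are constructed for the example.

```python
"""Toy model of x86 segmentation (constructed example, not real hardware)."""
from dataclasses import dataclass
from typing import Dict, Optional


class GeneralProtectionFault(Exception):
    """Raised where real hardware would deliver #GP."""


@dataclass(frozen=True)
class Descriptor:
    base: int          # linear address of offset 0
    limit: int         # highest valid offset (inclusive)
    dpl: int           # descriptor privilege level, 0 (most privileged) .. 3
    executable: bool   # code segment if True, data segment otherwise


# Segment register used by each access class when no override prefix is present.
DEFAULT_SEGREG = {
    "fetch": "CS",        # instruction fetch
    "data": "DS",         # ordinary loads and stores
    "string_src": "DS",   # source of a string copy
    "string_dst": "ES",   # destination of a string copy
    "stack": "SS",        # push/pop/call/ret
}

MEM_SIZE = 0x3000
CODE, DATA, STACK = 0x0000, 0x1000, 0x2000   # constructed linear regions, 4 KiB each


def selector_load_allowed(cpl: int, dpl: int) -> bool:
    """A task at CPL may only load descriptors whose DPL is at least as large."""
    return cpl <= dpl


class Cpu:
    def __init__(self, gdt: Dict[int, Descriptor], cpl: int) -> None:
        self.gdt = gdt             # selector -> Descriptor (constructed table)
        self.cpl = cpl             # current privilege level
        self.sregs: Dict[str, Descriptor] = {}   # cached descriptors
        self.mem = bytearray(MEM_SIZE)
        self.esp = 0
        self.eip = 0

    def load(self, reg: str, selector: int) -> None:
        """Privilege and type checks happen once, here; later accesses only
        consult the cached base and limit."""
        d = self.gdt[selector]
        if not selector_load_allowed(self.cpl, d.dpl):
            raise GeneralProtectionFault(f"CPL {self.cpl} may not load DPL {d.dpl}")
        if reg == "CS" and not d.executable:
            raise GeneralProtectionFault("CS must hold a code segment")
        if reg == "SS" and d.executable:
            raise GeneralProtectionFault("SS must hold a data segment")
        self.sregs[reg] = d

    def translate(self, access: str, offset: int, write: bool = False,
                  override: Optional[str] = None) -> int:
        """Offset -> linear address through the default (or overridden) register."""
        reg = override or DEFAULT_SEGREG[access]
        d = self.sregs[reg]
        if not 0 <= offset <= d.limit:
            raise GeneralProtectionFault(f"offset {offset:#x} outside {reg} limit")
        if access == "fetch" and not d.executable:
            raise GeneralProtectionFault("fetch from a non-executable segment")
        if write and d.executable:
            raise GeneralProtectionFault("code segments are never writable")
        return d.base + offset

    def store32(self, access: str, offset: int, value: int) -> None:
        lin = self.translate(access, offset, write=True)
        self.mem[lin:lin + 4] = value.to_bytes(4, "little")

    def load32(self, access: str, offset: int) -> int:
        lin = self.translate(access, offset)
        return int.from_bytes(self.mem[lin:lin + 4], "little")

    def ret(self) -> int:
        """RET: pop the return address through SS, then fetch through CS."""
        self.eip = self.load32("stack", self.esp)
        self.esp += 4
        self.translate("fetch", self.eip)   # faults if the target is outside CS
        return self.eip


def flat_gdt() -> Dict[int, Descriptor]:
    """CS and DS both span all of linear memory: the common OS choice."""
    return {0x08: Descriptor(0, MEM_SIZE - 1, 3, True),
            0x10: Descriptor(0, MEM_SIZE - 1, 3, False)}


def split_gdt() -> Dict[int, Descriptor]:
    """Code, data and stack each get their own base and limit."""
    return {0x08: Descriptor(CODE, 0xFFF, 3, True),
            0x10: Descriptor(DATA, 0xFFF, 3, False),
            0x18: Descriptor(STACK, 0xFFF, 3, False)}


def boot(layout) -> Cpu:
    cpu = Cpu(layout(), cpl=3)
    cpu.load("CS", 0x08)
    cpu.load("DS", 0x10)
    cpu.load("ES", 0x10)
    cpu.load("SS", 0x18 if 0x18 in cpu.gdt else 0x10)
    return cpu


def data_write_reaches_code(cpu: Cpu) -> bool:
    """Can an ordinary store through DS modify a byte in the code region?"""
    offset = CODE + 0x10 - cpu.sregs["DS"].base
    try:
        cpu.store32("data", offset, 0x90909090)
        return True
    except GeneralProtectionFault:
        return False


def fetch_from_data_region(cpu: Cpu) -> bool:
    """Can an instruction fetch through CS reach the data region?"""
    offset = DATA + 0x20 - cpu.sregs["CS"].base
    try:
        cpu.translate("fetch", offset)
        return True
    except GeneralProtectionFault:
        return False


def return_address_overwrite(cpu: Cpu) -> int:
    """A saved return address on the stack is replaced, through SS, with the
    offset of a function that already exists in CS; RET lands there regardless
    of how CS and DS are laid out."""
    system_function = 0x400   # constructed offset of an existing routine in CS
    cpu.esp = STACK + 0x800 - cpu.sregs["SS"].base
    cpu.store32("stack", cpu.esp, 0x123)             # original return address
    cpu.store32("stack", cpu.esp, system_function)   # clobbered by an overflow
    return cpu.ret()
```

Running `data_write_reaches_code` and `fetch_from_data_region` against `boot(flat_gdt)` and `boot(split_gdt)` shows the split layout rejecting both cross-region accesses with a limit fault, while `return_address_overwrite` returns the same target under either layout, which is the case the post concedes no non-executable stack would catch.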