Slashdot Mirror


Oracle Bakes Security Into New Chips (theregister.co.uk)

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather than from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 2^4, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.
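A small software model of the color check described in the summary above, added here as an illustration (it is not Oracle's or Solaris's code). It shows a linear overrun from one block into its neighbor being refused because adjacent blocks get different colors, and that exactly one of the 16 colors passes at a given address. The 64-byte granule, the bump allocator, the color-rotation policy and all function names are assumptions of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define COLOR_SHIFT 60                     /* color lives in the top 4 bits of a 64-bit pointer */
#define ADDR_MASK   ((UINT64_C(1) << COLOR_SHIFT) - 1)
#define GRANULE     64                     /* assumed size of one colored unit, in bytes */
#define NGRANULES   16
static uint8_t mem[NGRANULES * GRANULE];   /* simulated heap */
static uint8_t tag[NGRANULES];             /* color per granule; 0 = never allocated */
static size_t  next_granule;
static uint8_t last_color;

/* Bump allocator: colors the block and returns a pointer carrying the same color. */
uint64_t ssm_alloc(size_t size) {
    size_t n = (size + GRANULE - 1) / GRANULE;
    if (n == 0 || next_granule + n > NGRANULES) return 0;
    uint8_t color = (uint8_t)(last_color % 15 + 1);   /* 1..15, always differs from the previous block */
    uint64_t addr = (uint64_t)next_granule * GRANULE;
    for (size_t i = 0; i < n; i++) tag[next_granule + i] = color;
    next_granule += n;
    last_color = color;
    return ((uint64_t)color << COLOR_SHIFT) | addr;
}

/* The check applied on every access: pointer color must equal memory color. */
static int ssm_check(uint64_t ptr) {
    uint64_t addr = ptr & ADDR_MASK;
    return addr < sizeof mem && tag[addr / GRANULE] == (uint8_t)(ptr >> COLOR_SHIFT);
}

int ssm_store(uint64_t ptr, uint8_t v) {
    if (!ssm_check(ptr)) return -1;        /* mismatch: access refused */
    mem[ptr & ADDR_MASK] = v;
    return 0;
}

/* How many of the 16 possible colors pass the check at this address. */
int colors_accepted(uint64_t addr) {
    int hits = 0;
    for (uint64_t c = 0; c < 16; c++) hits += ssm_check((c << COLOR_SHIFT) | addr);
    return hits;
}

int main(void) {
    uint64_t a = ssm_alloc(64), b = ssm_alloc(64);
    printf("in bounds: %d, one past end: %d, colors accepted for b: %d of 16\n",
           ssm_store(a + 63, 'A'), ssm_store(a + 64, 'A'), colors_accepted(b & ADDR_MASK));
    return 0;
}
```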

1 of 99 comments

  1. Re:What is Solaris good for? by armanox · Score: 3, Insightful

    I ran OpenSolaris as a desktop during its day, and I run Solaris on servers. It's everything that Linux wants to be, to be quite honest. The default filesystem (ZFS) has a lot of very nice features (ZFS on a desktop is like having Apple's Time Machine or Windows Shadow copies for file recovery). SMF (the service manager) is a lot of what systemd should have been. And then there is the licensing and support. CDDL allows a lot of things to be included that GPL operating systems can't - I remember when I ran Solaris 10 on my Inspiron 8000 years ago being amazed at what worked out of the box - flash player, nvidia drivers, mp3 codecs all just worked.

    --
    I'm starting to think GNU is the problem with "GNU/Linux" these days.