SecurityFocus

Preventing exploitation with rebasing Feb 04 2003 05:08AM
David Litchfield (david ngssoftware com) (7 replies)

Re: Preventing exploitation with rebasing Feb 05 2003 01:41PM
dullien gmx de (1 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 10:52PM
David Litchfield (david ngssoftware com) (2 replies)

Re[2]: Preventing exploitation with rebasing Feb 05 2003 05:02PM
dullien gmx de

RE: Preventing exploitation with rebasing Feb 04 2003 09:47PM
Jason Coombs (jasonc science org)

RE: Preventing exploitation with rebasing Feb 04 2003 06:54PM
Riley Hassell (rhassell eeye com)

Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM
sd hysteria sk (1 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 11:20PM
David Litchfield (david ngssoftware com)

Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM
Torbjörn Hovmark (torbjorn hovmark abtrusion com)

Hi David,

> [...] Eventually I've rebased all of the DLLs used by SQL Server mutating
> it's "genetic code", making it considerably different to any other SQL
> Server install on the planet. In fact if I rebase every DLL on my system
and
> every executable then I can make my box almost invulnerable to a given
> exploit, past, present or future.

The idea is very elegant (in fact we have planned to include a variation of
it in an upcoming product), but unfortunately it will not work very well
with system DLLs. Many Windows system DLLs can't be safely rebased. Although
they include relocation information, they make assumptions about where in
memory they (or other system DLLs) will be loaded. Essentially, if you
rebase some of the system DLLs, your system will become unstable or will
fail to start. Also, many exes do not include relocation information at all
(since exes are loaded first they are not supposed to be relocated in normal
operation). You will not be able to rebase them either.

Best regards,

Torbjörn Hovmark
______________________________________
Abtrusion Security AB
- next generation intrusion protection
http://www.abtrusion.com

[ reply ]

Re: Preventing exploitation with rebasing Feb 04 2003 11:38AM
Charlie Root (weedpower home ro) (4 replies)

Re: Preventing exploitation with rebasing Feb 06 2003 01:00AM
Deus, Attonbitus (Thor HammerofGod com)

Re: Preventing exploitation with rebasing Feb 05 2003 09:49PM
Alun Jones (alun texis com)

Re: Preventing exploitation with rebasing Feb 04 2003 08:08PM
Brian Hatch (bugtraq ifokr org) (2 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 09:38PM
David S Goldberg (dsg mitre org)

Re: Preventing exploitation with rebasing Feb 04 2003 05:26PM
Alan DeKok (aland freeradius org) (2 replies)

Re: Can't Preventing exploitation with rebasing Feb 05 2003 10:06AM
bugtraq gaza halo nu (2 replies)

Re[2]: Can't Preventing exploitation with rebasing Feb 06 2003 07:14PM
dullien gmx de

Observation on randomization/rebiasing... Feb 05 2003 09:10PM
Nicholas Weaver (nweaver CS berkeley edu) (1 replies)

RE: Observation on randomization/rebiasing... Feb 05 2003 10:07PM
Jason Coombs (jasonc science org)

Re: Preventing exploitation with rebasing Feb 05 2003 01:48AM
Crispin Cowan (crispin wirex com)

Re: Preventing exploitation with rebasing Feb 04 2003 06:38PM
David Litchfield (david ngssoftware com) (1 replies)

Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Feb 05 2003 05:32PM
Halvar Flake (halvar gmx net)

Re: Preventing exploitation with rebasing Feb 04 2003 11:34AM
Eugene Tsyrklevich (eugene securityarchitects com)

Re: [VulnDiscuss] Preventing exploitation with rebasing Feb 03 2003 09:49PM
Michal Zalewski (lcamtuf coredump cx)