BugTraq
Re: Preventing exploitation with rebasing Feb 05 2003 10:29AM
David Litchfield (david ngssoftware com) (4 replies)
Re: Preventing exploitation with rebasing Feb 05 2003 10:43PM
Bugtraq User (bq soft-analysts com)
Re: Preventing exploitation with rebasing Feb 05 2003 09:30PM
Todd Sabin (tsabin optonline net) (1 replies)
Re: Preventing exploitation with rebasing Feb 06 2003 12:07AM
Seth Breidbart (sethb panix com) (2 replies)
In theory, it's easy to prove that some programs cannot be relocated,
period. Anybody who has been programming long enough has seen people
re-use a memory location as both an address and a constant in order to
keep the program small enough (12k OK; 12k + 2 bytes really bad
news). That can't be relocated.

Even under the assumption that locations aren't re-used, it's provably
impossible (Turing-complete) to determine whether the contents of a
location can be used as an address by a program.

That said, _if_ a program is relocatable, relocating it would seem to
be an easy way to gain some security. Whether that's worth the cost
(in fragility and undebuggability) is another question.

Seth

[ reply ]
Re: Preventing exploitation with rebasing Feb 06 2003 11:29PM
Carolyn Meinel (cmeinel techbroker com)
Re: Preventing exploitation with rebasing Feb 06 2003 05:50PM
Richard Moore (rich westpoint ltd uk)
Re: Preventing exploitation with rebasing Feb 05 2003 08:48PM
D.C. van Moolenbroek (dc van moolenbroek chello nl)
Re: Preventing exploitation with rebasing Feb 05 2003 08:36PM
Michal Zalewski (lcamtuf coredump cx)


 

Privacy Statement
Copyright 2010, SecurityFocus