Re: Preventing exploitation with rebasing

From: Seth Breidbart (sethbat_private)
Date: Wed Feb 05 2003 - 16:07:15 PST

Next message: Fred Cohen: "Preventing exploitation with rebasing"

Previous message: Jason Coombs: "RE: Observation on randomization/rebiasing..."
Next in thread: Carolyn Meinel: "Re: Preventing exploitation with rebasing"
Next in thread: Fred Cohen: "Preventing exploitation with rebasing"
Reply: Carolyn Meinel: "Re: Preventing exploitation with rebasing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In theory, it's easy to prove that some programs cannot be relocated,
period.  Anybody who has been programming long enough has seen people
re-use a memory location as both an address and a constant in order to
keep the program small enough (12k OK; 12k + 2 bytes really bad
news).  That can't be relocated.

Even under the assumption that locations aren't re-used, it's provably
impossible (Turing-complete) to determine whether the contents of a
location can be used as an address by a program.

That said, _if_ a program is relocatable, relocating it would seem to
be an easy way to gain some security.  Whether that's worth the cost
(in fragility and undebuggability) is another question.

Seth

Next message: Fred Cohen: "Preventing exploitation with rebasing"
Previous message: Jason Coombs: "RE: Observation on randomization/rebiasing..."
Next in thread: Carolyn Meinel: "Re: Preventing exploitation with rebasing"
Next in thread: Fred Cohen: "Preventing exploitation with rebasing"
Reply: Carolyn Meinel: "Re: Preventing exploitation with rebasing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 11:02:34 PST