Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: Alun Jones <alun () texis com>
Date: Wed, 05 Feb 2003 15:49:13 -0600
At 05:38 AM 2/4/2003, Charlie Root wrote:
Rebasing might be usefull up to some point. But it contains a "mental" vulnerability. If one would apply this technique he would probably think he is safe and neglect updating his security. Oh, and one more thing... I'm not sure about this since I have little expirience in windows: security-patches don't relly on the same "genetic code" as exploits ? If one would rebase his entire system would he still be able to properly apply security patches ?
The worse problem, IMHO, is that rebasing executables and/or DLLs makes it harder to report and fix any GPFs that do occur. If you report a GPF, it's going to come out with an offset that doesn't represent the correct area of code. Perhaps the Dr Watson log provides enough information for a savvy developer to trace through and find where the _real_ address is in the base code, but there's so little documentation on the information contained in a Dr Watson log output, that most developers haven't the first clue of how to find the function that's at fault, unless your addresses match theirs.
Alun. ~~~~ -- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email alun () texis com Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
Current thread:
- Re: Preventing exploitation with rebasing, (continued)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 05)
- Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Halvar Flake (Feb 05)
- Re: Preventing exploitation with rebasing Brian Hatch (Feb 05)
- Re: Preventing exploitation with rebasing Alan DeKok (Feb 05)
- Re: Can't Preventing exploitation with rebasing bugtraq (Feb 05)
- Re[2]: Can't Preventing exploitation with rebasing dullien (Feb 05)
- Observation on randomization/rebiasing... Nicholas Weaver (Feb 05)
- RE: Observation on randomization/rebiasing... Jason Coombs (Feb 05)
- Re: Preventing exploitation with rebasing Crispin Cowan (Feb 05)
- Re: Preventing exploitation with rebasing David S Goldberg (Feb 05)
- Re: Preventing exploitation with rebasing Alun Jones (Feb 05)
- Re: Preventing exploitation with rebasing Deus, Attonbitus (Feb 06)
- Re: Preventing exploitation with rebasing Bugtraq User (Feb 05)
- Re: Preventing exploitation with rebasing D.C. van Moolenbroek (Feb 05)
- Re: Preventing exploitation with rebasing Michal Zalewski (Feb 05)
- Re: Preventing exploitation with rebasing Todd Sabin (Feb 05)
- Re: Preventing exploitation with rebasing Seth Breidbart (Feb 06)
- Re: Preventing exploitation with rebasing Richard Moore (Feb 06)