Dailydave mailing list archives

Re: The sky's downward trajectory


From: "Dave Aitel" <dave.aitel () gmail com>
Date: Mon, 19 Feb 2007 19:00:57 -0500

Spender can go into great detail about all the differences between
GRSec/Linux and various other implementations of protections in the kernels
of every other OS...I remember at G-Con that he did this briefly for SELinux
and Trusted Solaris and it was great.

I looked into our MS07-007 today, and it doesn't use the
NtSetInformationProcess technique - it's quite different, which makes sense.
There's a lot of ways to skin this particular cat.

As a side note, setting your DEP value to AlwaysOn doesn't protect you from
NtSetInformationProcess calls - otherwise Java would break. Can't have that,
or the lawyers come a'callin'.

All your locals should defeat NX - it keeps you honest. :>

-dave

On 2/19/07, endrazine <endrazine () gmail com> wrote:

Hi dear readers,

Rhys Kidd wrote:
>
> So what does Microsoft provide to make this more secure?
>
> Firstly the push by Michael Howard et al to get ASLR implemented in
> Vista beta 2 and above means the addresses within ntdll.dll are going
> to be somewhat random, thereby making reliable use of this technique
> difficult. NX bit based defenses really should be implemented
> hand-in-hand with some form of memory randomisation, as was documented
> by the PaX project.
>
Put me in my place if I'm wrong, but addresses are only randomized once
at boot up, making the Vista randomization far less effective than a run
time randomization a la PaX. Well, at least, that's what I understood
from the Microsoft TechDays in Paris 2 weeks ago.

> Secondly, as Dave mentioned setting "AlwaysOn" in boot.ini should
> prevent DEP from being disabled on a per-process basis.
>
> HTH.
> Rhys
>

Regards,

endrazine-
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
