Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: Richard Moore <rich () westpoint ltd uk>
Date: Thu, 06 Feb 2003 17:50:51 +0000
Seth Breidbart wrote:
> In theory, it's easy to prove that some programs cannot be relocated, period. Anybody who has been programming long enough has seen people re-use a memory location as both an address and a constant in order to keep the program small enough (12k OK; 12k + 2 bytes really bad news). That can't be relocated. Even under the assumption that locations aren't re-used, it's provably impossible (Turing-complete) to determine whether the contents of a location can be used as an address by a program.
Sure, that is a basic corollary of the von Neumann programming model (whereby a program is simply a type of data). However, it is possible to make this untrue if you modify the model slightly to make memory areas that are executable unreadable. Of course you are then no longer running on a von Neumann machine, so the Turing machine abstraction breaks down somewhat. Unfortunately it is difficult to achieve this with modern CPUs and even were it to be possible, there does need to be a part of the system somewhere that can read/write to these segments in order to handle the loading of shared libraries etc.
Cheers Rich/
> That said, _if_ a program is relocatable, relocating it would seem to be an easy way to gain some security. Whether that's worth the cost (in fragility and undebuggability) is another question.
> Seth
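
Added example, not part of the original message: a toy C model of the relocation problem raised in the quoted text, comparing rebasing from linker-style relocation records with rebasing by guessing which words are addresses. The image layout, base addresses and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OLD_BASE 0x00400000u
#define NEW_BASE 0x10000000u
#define NWORDS   4
/* Constructed toy image of four 32-bit words loaded at OLD_BASE. */
static const uint32_t IMAGE[NWORDS] = {
    OLD_BASE + 8,  /* word 0: pointer to word 2 */
    0x00400004u,   /* word 1: constant that only looks like an address */
    42u,           /* word 2: plain data */
    OLD_BASE + 4,  /* word 3: reused as BOTH a pointer and a constant */
};
/* What a linker would record: indices of the words that hold addresses. */
static const size_t RELOCS[] = { 0, 3 };

/* Rebase from relocation records: patch only the listed words. */
static void rebase_with_table(uint32_t *img, const size_t *rel, size_t nrel,
                              uint32_t delta) {
    for (size_t i = 0; i < nrel; i++)
        img[rel[i]] += delta;
}

/* Rebase by guessing: patch every word whose value falls inside the old
 * image range. Returns the number of words patched. */
static size_t rebase_by_guess(uint32_t *img, size_t n, uint32_t old_base,
                              uint32_t delta) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++)
        if (img[i] >= old_base && img[i] < old_base + n * sizeof *img) {
            img[i] += delta;
            patched++;
        }
    return patched;
}

int main(void) {
    uint32_t a[NWORDS], b[NWORDS];
    memcpy(a, IMAGE, sizeof a);
    memcpy(b, IMAGE, sizeof b);
    rebase_with_table(a, RELOCS, 2, NEW_BASE - OLD_BASE);
    size_t n = rebase_by_guess(b, NWORDS, OLD_BASE, NEW_BASE - OLD_BASE);
    /* Word 3 was patched as a pointer, so code reading it as the constant
     * 0x400004 now sees a different number; unpatched, the pointer dangles. */
    printf("table: const=%#x dual=%#x\n", (unsigned)a[1], (unsigned)a[3]);
    printf("guess: patched=%zu const=%#x\n", n, (unsigned)b[1]);
    return 0;
}
```

With the records, the look-alike constant in word 1 survives and only the dual-use word 3 is unavoidably wrong for one of its two uses; without them, the guesser also rewrites word 1.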