[28744] in bugtraq
Re: Preventing exploitation with rebasing
daemon@ATHENA.MIT.EDU (Eugene Tsyrklevich)
Tue Feb 4 14:26:36 2003
Date: Tue, 4 Feb 2003 03:34:32 -0800
From: Eugene Tsyrklevich <eugene@securityarchitects.com>
To: David Litchfield <david@ngssoftware.com>
Message-ID: <20030204033432.D1804@securityarchitects.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <006b01c2cc0b$78d7cb70$2501010a@recovery>; from david@ngssoftware.com on Mon, Feb 03, 2003 at 09:08:35PM -0800
> Rebasing
> *******
> The problem with operating systems is that they all have pretty much the
> same "genetic code" which makes each and every one of them vulnerable to a
> new exploit. So we need to make them different and this can be achieved
> through rebasing. Rebasing is the process of changing the Image Base of an
> image file. By doing this the DLL/EXE is loaded into a different location in
> the virtual address space.
Similar idea, applied to the location of stack, was implemented in OpenBSD.
This is from OpenBSD CVS (August 2001):
"Add a possibility to add a random offset to the stack on exec. This makes
it slightly harder to write generic buffer overflows. This doesn't really
give any real security, but it raises the bar for script-kiddies and it's
really cheap.
The range of the random offsets is controlled by the sysctl
kern.stackgap_random (must be a power of 2)."
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_exec.c.diff?r1=1.54&r2=1.55
