[28758] in bugtraq
Re: [VulnDiscuss] Preventing exploitation with rebasing
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Tue Feb 4 16:38:15 2003
Date: Mon, 3 Feb 2003 13:49:31 -0800 (PST)
From: Michal Zalewski <lcamtuf@coredump.cx>
To: David Litchfield <david@ngssoftware.com>
In-Reply-To: <006b01c2cc0b$78d7cb70$2501010a@recovery>
Message-ID: <Pine.LNX.4.42.0302031345000.31517-100000@nimue.bos.bindview.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 3 Feb 2003, David Litchfield wrote:
> Use addresses such as 0x**000000 or 0x00**0000 for the new image base.
> With there being a NULL in much of the image's address space this will
> help. (This of course won't make a difference with unicode overflows)

Just FYI, both techniques are somewhat old in the *nix world. NUL in the
address is, among others, implemented by the Openwall kernel patch on
Linux, and PaX randomizes stack and executable base mapping addresses.

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-02-03 13:45 --
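
The following is an added example, not part of the original message or of either author's code: it measures how much of an image's address range contains a NUL byte for the two base forms quoted above (0x**000000 and 0x00**0000) and for a base with no zero in its upper bytes. It assumes 32-bit addresses; the bases and the 192 KiB image size are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* 1 if any of the four bytes of a 32-bit address is 0x00. */
static int has_nul_byte(uint32_t addr)
{
    return (addr & 0x000000FFu) == 0 || (addr & 0x0000FF00u) == 0 ||
           (addr & 0x00FF0000u) == 0 || (addr & 0xFF000000u) == 0;
}

/* Number of addresses in [base, base + size) that contain a NUL byte. */
uint32_t nul_addresses(uint32_t base, uint32_t size)
{
    uint32_t count = 0;
    for (uint32_t off = 0; off < size; off++)
        count += (uint32_t)has_nul_byte(base + off);
    return count;
}

int main(void)
{
    /* Constructed sample values, not taken from any real module. */
    const uint32_t image_size = 0x30000u;          /* 192 KiB image */
    const uint32_t bases[] = {
        0x12000000u,                               /* 0x**000000 form */
        0x00120000u,                               /* 0x00**0000 form */
        0x12340000u                                /* no NUL in upper bytes */
    };

    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        uint32_t n = nul_addresses(bases[i], image_size);
        printf("base 0x%08X: %u of %u addresses contain a NUL byte (%.1f%%)\n",
               (unsigned)bases[i], (unsigned)n, (unsigned)image_size,
               100.0 * n / image_size);
    }
    return 0;
}
```

In this sample the 0x**000000 base puts a NUL in every address of the first 64 KiB only, while the 0x00**0000 base puts one in every address of the image.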