[28809] in bugtraq
Re: Preventing exploitation with rebasing
daemon@ATHENA.MIT.EDU (Richard Moore)
Thu Feb 6 13:56:40 2003
Message-ID: <3E42A07B.4040708@westpoint.ltd.uk>
Date: Thu, 06 Feb 2003 17:50:51 +0000
From: Richard Moore <rich@westpoint.ltd.uk>
MIME-Version: 1.0
To: Seth Breidbart <sethb@panix.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Seth Breidbart wrote:
> In theory, it's easy to prove that some programs cannot be relocated,
> period. Anybody who has been programming long enough has seen people
> re-use a memory location as both an address and a constant in order to
> keep the program small enough (12k OK; 12k + 2 bytes really bad
> news). That can't be relocated.
>
> Even under the assumption that locations aren't re-used, it's provably
> impossible (Turing-complete) to determine whether the contents of a
> location can be used as an address by a program.
Sure, that is a basic corollary of the Von-Neuman programming model
(whereby a program is simply a type of data). However, it is possible to
make this untrue if you modify the model slightly to make memory areas
that are executable unreadable. Of course you are then no longer running
on a Von-Neuman machine, so the Turing machine abstraction breaks down
somewhat. Unfortunately it is difficult to acheive this with modern CPUs
and even were it to be possible, there does need to be a part of the
system somewhere that can read/write to these segments in order to
handle the loading of shared libraries etc.
Cheers
Rich/
>
> That said, _if_ a program is relocatable, relocating it would seem to
> be an easy way to gain some security. Whether that's worth the cost
> (in fragility and undebuggability) is another question.
>
> Seth
>
