Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Preventing exploitation with rebasing

From: Torbjörn Hovmark <torbjorn.hovmark () abtrusion com>
Date: Tue, 4 Feb 2003 15:00:17 +0100
Hi David,


[...] Eventually I've rebased all of the DLLs used by SQL Server mutating
it's "genetic code", making it considerably different to any other SQL
Server install on the planet. In fact if I rebase every DLL on my system

and

every executable then I can make my box almost invulnerable to a given
exploit, past, present or future.


The idea is very elegant (in fact we have planned to include a variation of
it in an upcoming product), but unfortunately it will not work very well
with system DLLs. Many Windows system DLLs can't be safely rebased. Although
they include relocation information, they make assumptions about where in
memory they (or other system DLLs) will be loaded. Essentially, if you
rebase some of the system DLLs, your system will become unstable or will
fail to start. Also, many exes do not include relocation information at all
(since exes are loaded first they are not supposed to be relocated in normal
operation). You will not be able to rebase them either.

Best regards,

Torbjörn Hovmark
______________________________________
Abtrusion Security AB
   - next generation intrusion protection
http://www.abtrusion.com
Previous By Date Next
Previous By Thread Next

Current thread: