Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: Torbjörn Hovmark <torbjorn.hovmark () abtrusion com>
Date: Tue, 4 Feb 2003 15:00:17 +0100
Hi David,
[...] Eventually I've rebased all of the DLLs used by SQL Server mutating it's "genetic code", making it considerably different to any other SQL Server install on the planet. In fact if I rebase every DLL on my system
and
every executable then I can make my box almost invulnerable to a given exploit, past, present or future.
The idea is very elegant (in fact we have planned to include a variation of it in an upcoming product), but unfortunately it will not work very well with system DLLs. Many Windows system DLLs can't be safely rebased. Although they include relocation information, they make assumptions about where in memory they (or other system DLLs) will be loaded. Essentially, if you rebase some of the system DLLs, your system will become unstable or will fail to start. Also, many exes do not include relocation information at all (since exes are loaded first they are not supposed to be relocated in normal operation). You will not be able to rebase them either. Best regards, Torbjörn Hovmark ______________________________________ Abtrusion Security AB - next generation intrusion protection http://www.abtrusion.com
Current thread:
- RE: Preventing exploitation with rebasing Anonymous (Feb 04)
- <Possible follow-ups>
- Preventing exploitation with rebasing David Litchfield (Feb 05)
- Re: Preventing exploitation with rebasing sd (Feb 04)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 04)
- Re: Preventing exploitation with rebasing Eugene Tsyrklevich (Feb 04)
- Re: Preventing exploitation with rebasing Torbjörn Hovmark (Feb 04)
- Re: Preventing exploitation with rebasing dullien (Feb 05)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 04)
- Re[2]: Preventing exploitation with rebasing dullien (Feb 04)
- RE: Preventing exploitation with rebasing Jason Coombs (Feb 04)
- Re: Preventing exploitation with rebasing sd (Feb 04)
- Re: Preventing exploitation with rebasing Charlie Root (Feb 05)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 05)
- Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Halvar Flake (Feb 05)
- Re: Preventing exploitation with rebasing Brian Hatch (Feb 05)
- Re: Preventing exploitation with rebasing Alan DeKok (Feb 05)
- Re: Can't Preventing exploitation with rebasing bugtraq (Feb 05)