Bugtraq mailing list archives

RE: Observation on randomization/rebiasing...


From: "Jason Coombs" <jasonc () science org>
Date: Thu, 6 Feb 2003 07:21:19 -1000

There are good reasons for extensible architectures. No changes are needed
in this respect, we simply must restrict the scope of that extensibility at
run-time to authorized add-on modules. Other programmers can make it easier
for us to do so by adding some forensic profiling code to their programs,
but this is not necessary to achieve substantially-improved practical
control over the extensible code modules we allow to execute, including the
ability to detect when arbitrary malicious code succeeds in overflowing a
buffer and smashing the stack. Every path through third-party code that we
have not profiled and explicitly authorized is simply denied by default,
including portions of third-party code that are not harmful or of malicious
foreign origin, so that in essence the defense says:

"We will only allow code to execute that we have previously executed during
forensic testing. Everything else is denied by default until we analyze its
origin and intended function."

Jason Coombs
jasonc () science org
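The "profile first, deny everything else by default" policy described in the message above can be illustrated at the level of an interpreter-hosted plugin loader. The following is an added example written for this archive page, not code from the original post or its authors: it records which functions of a third-party module actually execute during a forensic test run, then re-runs the module under an enforcement hook that refuses any call to a function outside that recorded set. The module name `vendor_plugin`, its functions `render` and `update_self`, and the sample source are constructed for the example; a native binary would need loader or OS support for the same idea, which this Python illustration does not attempt to show.

```python
import sys
import types
from typing import Callable, Set, Tuple

# Constructed sample "third-party" module (assumed names, not from the post).
# render() is the code path exercised during testing; update_self() stands in
# for a path that was never profiled and must therefore be denied by default.
THIRD_PARTY_SRC = """
def render(data):
    return "<b>%s</b>" % data

def update_self():
    return "unexpected code path executed"
"""

# A (module name, function name) pair identifies one authorized code path.
CodePath = Tuple[str, str]


class DeniedCodePath(RuntimeError):
    """Raised when a watched module tries to execute an unauthorized path."""


def load_module(name: str, source: str) -> types.ModuleType:
    """Load constructed plugin source as a module, the way a loader would."""
    mod = types.ModuleType(name)
    exec(source, mod.__dict__)
    sys.modules[name] = mod
    return mod


def _path_of(frame) -> CodePath:
    return (frame.f_globals.get("__name__", ""), frame.f_code.co_name)


def profile_run(func: Callable[[], object], watched: Set[str]) -> Set[CodePath]:
    """Forensic testing phase: record every code path that executes inside
    the watched modules while func() runs, and return it as the allow-list."""
    seen: Set[CodePath] = set()

    def hook(frame, event, arg):
        if event == "call":
            path = _path_of(frame)
            if path[0] in watched:
                seen.add(path)

    sys.setprofile(hook)
    try:
        func()
    finally:
        sys.setprofile(None)
    return seen


def enforce_run(func: Callable[[], object], watched: Set[str],
                allowed: Set[CodePath]) -> object:
    """Enforcement phase: run func(); any call into a watched module whose
    (module, function) pair is not in the allow-list is denied by default."""

    def hook(frame, event, arg):
        if event == "call":
            path = _path_of(frame)
            if path[0] in watched and path not in allowed:
                # Raising here aborts the call before the function body runs.
                raise DeniedCodePath("%s.%s not authorized" % path)

    sys.setprofile(hook)
    try:
        return func()
    finally:
        sys.setprofile(None)


def demo() -> Tuple[Set[CodePath], object, str]:
    """Profile the plugin, then show one allowed and one denied call."""
    plugin = load_module("vendor_plugin", THIRD_PARTY_SRC)
    watched = {"vendor_plugin"}
    allowed = profile_run(lambda: plugin.render("test"), watched)
    ok = enforce_run(lambda: plugin.render("hello"), watched, allowed)
    try:
        enforce_run(lambda: plugin.update_self(), watched, allowed)
        denied = "not denied"
    except DeniedCodePath as exc:
        denied = str(exc)
    return allowed, ok, denied


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The allow-list is keyed on code paths rather than on module identity, so a module that is trusted for one function is still denied the others until someone examines them, which is the distinction the message draws between authorized extensibility and arbitrary extensibility.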

-----Original Message-----
From: Michael Wojcik [mailto:Michael.Wojcik () MicroFocus com]
Sent: Wednesday, February 05, 2003 10:43 PM
To: BugTraq
Cc: jasonc () science org; Nicholas Weaver
Subject: RE: Observation on randomization/rebiasing...


From: Jason Coombs [mailto:jasonc () science org]
Sent: Wednesday, February 05, 2003 5:08 PM

A properly security-hardened binary DOES NOT require support
for arbitrary relocations, arbitrary dynamic library injection,
arbitrary code injection resulting in new execute paths defined at
run-time, and the type of programmability required by software
developers. Once code has been compiled and linked, even when that
code makes use of dynamic libraries, there is no longer any unknown.

There are plenty of examples of programs and libraries that by design load
and execute independently-developed code: browser plugins, ISAPI, and so
forth.  Leaving aside for the moment the question of whether this is a Good
Thing, or whether it fits someone's definition of "a properly
security-hardened binary", it's certainly a popular approach.  The security
community has not to date had much luck convincing users and programmers to
adopt even its uncontroversial recommendations; I doubt you'll get any
traction with this one.

Michael Wojcik
Principal Software Systems Developer, Micro Focus

