Dailydave mailing list archives

Re: ASLR+DEP = no problem. :>


From: Nate Lawson <nate () root org>
Date: Thu, 04 Feb 2010 21:51:39 -0800

Alexander Sotirov wrote:
> On Thu, Feb 04, 2010 at 08:06:33PM +0100, Thierry Zoller wrote:
> > > now, after reading the paper let me know if it requires a 'fix' as you
> > > said, or a re-design/engineering and re-implementation of the JIT
> > > itself. ;)
> > Does not compute either. By "fix" I obviously assumed "redesign/engineer"
> > the JIT. The point was that ASLR/DEP is not dead because of an error in a
> > JIT.
> 
> Are you making the claim that JIT spraying can be stopped by redesigning the
> JIT? How exactly would you redesign the JIT to avoid inserting bytes controlled
> by the attacker into the generated instruction stream?

This is one reason why I expect the techniques of software protection to
become more widespread in general-purpose systems. Things like
obfuscation, heap randomization, integrity self-checks, linker module
encryption, etc. were once the domain of copy protection systems or the
like.

But if your JIT compiler starts generating randomized, obfuscated native
code with embedded self-checks, now it starts getting harder to use the
output in a predictable way. I see this as a natural extension of the
process that started with ASLR.

-- 
Nate

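One concrete answer to Alexander's question, and one form of the randomized JIT output Nate describes, is constant blinding: the JIT never emits an attacker-chosen 32-bit constant verbatim, but emits it XORed with a fresh random key and adds a second XOR to unmask it at run time. The program below is an added example, not code from this thread or from any real JIT. It is a toy x86 emitter for MOV EAX,imm32 / XOR EAX,imm32 / RET chains; the SPRAY constants (attacker bytes followed by 0x3C so that CMP AL,imm8 swallows the next opcode byte when execution starts at offset 1), the xorshift keystream and the three-opcode decoder are all constructed for illustration. Nothing is executed as native code; the decoder only checks that the naive and blinded streams compute the same EAX.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not code from the thread or from any real JIT).
 * A toy x86 "JIT" compiling a chain of 32-bit constants into
 *   MOV EAX,imm32 ; XOR EAX,imm32 ; ... ; RET
 * once naively and once with constant blinding.  Encodings used:
 *   B8 imm32 = MOV EAX,imm32    35 imm32 = XOR EAX,imm32    C3 = RET
 * Nothing here is run as native code; a tiny decoder checks semantics. */

#define CODE_MAX 256

/* Constructed attacker-chosen constants in the JIT-spraying style discussed
 * in the thread: three bytes of attacker code followed by 0x3C (CMP AL,imm8),
 * which swallows the following 0x35 opcode byte when execution starts at
 * offset 1, so control slides from one immediate into the next. */
static const uint32_t SPRAY[3] = {
    0x3C90C031u,  /* bytes 31 C0 90 3C : xor eax,eax ; nop ; cmp al,<next byte> */
    0x3C909090u,  /* bytes 90 90 90 3C : nop ; nop ; nop ; cmp al,<next byte> */
    0x3C909090u,
};

static void emit8(uint8_t *buf, size_t *len, uint8_t b) {
    if (*len < CODE_MAX) buf[(*len)++] = b;
}
static void emit32(uint8_t *buf, size_t *len, uint32_t v) {
    for (int i = 0; i < 4; i++) emit8(buf, len, (uint8_t)(v >> (8 * i)));  /* little-endian */
}

/* Naive JIT: every attacker constant lands verbatim in the code stream. */
size_t jit_naive(uint8_t *out, const uint32_t *c, size_t n) {
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        emit8(out, &len, i == 0 ? 0xB8 : 0x35);
        emit32(out, &len, c[i]);
    }
    emit8(out, &len, 0xC3);
    return len;
}

/* xorshift32 keystream, used only to keep the example deterministic
 * (assumption: a real JIT would draw keys from a CSPRNG). Never returns 0
 * from a nonzero state, so a key can never leave a constant unblinded. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Blinded JIT: constant c is emitted as (c ^ k) and unmasked at run time by a
 * second XOR with k.  The attacker's bytes never appear in the stream, and the
 * per-emission key makes the emitted bytes unpredictable as well. */
size_t jit_blinded(uint8_t *out, const uint32_t *c, size_t n, uint32_t seed) {
    size_t len = 0;
    uint32_t state = seed ? seed : 0x9E3779B9u;  /* xorshift needs a nonzero state */
    for (size_t i = 0; i < n; i++) {
        uint32_t k = xorshift32(&state);
        emit8(out, &len, i == 0 ? 0xB8 : 0x35);
        emit32(out, &len, c[i] ^ k);   /* MOV/XOR EAX, c^k */
        emit8(out, &len, 0x35);
        emit32(out, &len, k);          /* XOR EAX, k   -> EAX now holds the effect of c */
    }
    emit8(out, &len, 0xC3);
    return len;
}

/* Does the attacker's payload appear contiguously anywhere in the code? */
int contains(const uint8_t *hay, size_t hl, const uint8_t *needle, size_t nl) {
    if (nl == 0 || nl > hl) return 0;
    for (size_t i = 0; i + nl <= hl; i++)
        if (memcmp(hay + i, needle, nl) == 0) return 1;
    return 0;
}

/* Minimal decoder for the three encodings above, used to show that both code
 * streams compute the same EAX.  Returns 0 on RET, -1 on malformed input. */
int eval_chain(const uint8_t *code, size_t len, uint32_t *eax) {
    size_t pc = 0;
    *eax = 0;
    while (pc < len) {
        uint8_t op = code[pc++];
        if (op == 0xC3) return 0;
        if ((op != 0xB8 && op != 0x35) || pc + 4 > len) return -1;
        uint32_t imm = 0;
        for (int i = 0; i < 4; i++) imm |= (uint32_t)code[pc + i] << (8 * i);
        pc += 4;
        *eax = (op == 0xB8) ? imm : (*eax ^ imm);
    }
    return -1;  /* ran off the end without a RET */
}

int main(void) {
    uint8_t naive[CODE_MAX], blind[CODE_MAX];
    size_t nl = jit_naive(naive, SPRAY, 3);
    size_t bl = jit_blinded(blind, SPRAY, 3, 0xDEADBEEFu);
    uint8_t payload[4] = {0x31, 0xC0, 0x90, 0x3C};  /* SPRAY[0] as emitted bytes */
    uint32_t a, b;
    eval_chain(naive, nl, &a);
    eval_chain(blind, bl, &b);
    printf("naive:   payload in code stream? %d (byte after it: %02X, eaten by CMP AL)\n",
           contains(naive, nl, payload, 4), naive[5]);
    printf("blinded: payload in code stream? %d\n", contains(blind, bl, payload, 4));
    printf("same EAX from both streams: %s (0x%08X)\n", a == b ? "yes" : "NO", a);
    return 0;
}
```

Two caveats a practitioner would attach. Blinding only covers immediates; displacements, branch targets and the overall code layout are also attacker-influenced, and those are where the rest of Nate's "randomized, obfuscated" output (random padding, layout randomization) has to do the work. And the keys must be unpredictable per compilation and never written anywhere the attacker can read them, since the same info leak that breaks ASLR would otherwise hand over the keys as well.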
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
