Why Don't We All Pre-link? For security?
qwijibow
post May 13 2005, 07:32 AM
Post #1
Many exploits, especially against network services, are buffer overflows.

Often, when buffer overflows are detected, a payload file containing the correct conditions to cause the overflow and inject the correct machine code into memory is generated.

This payload has to be carefully crafted to cause the correct jump to the correct address.

The problem, especially with closed source applications, is that every program is the same (same exe for the same program version).

So why not run an application similar to prelink to make each program's internal structure slightly different?
A vulnerable software version would still be vulnerable, but no 2 computers could be hacked using the same payload, and an attempt to use an incorrectly crafted buffer overflow payload would hopefully crash the server (which is better than getting hacked, and forces the admins to apply the updates / patches).

I started thinking about this after reading the man page of prelink.

QUOTE
DESCRIPTION
      prelink is a program which modifies ELF shared libraries and ELF dynamically linked binaries, so that
      the time which dynamic linker needs for their relocation at startup significantly decreases and also
      due to fewer relocations the run-time memory consumption decreases too (especially number of
      unshareable pages). Such prelinking information is only used if all its dependant libraries have not
      changed since prelinking, otherwise programs are relocated normally.

QUOTE
OPTIONS:
      -R --random
              When assigning addresses to libraries, start with random address within architecture dependant
              virtual address space range. This can make some buffer overflow attacks slightly harder to
              exploit, because libraries are not present on the same addresses accross different machines.
              Normally, assigning virtual addresses starts at the bottom of architecture dependant range.

This may be useless against manual hacks, but against automated virii, this could be a powerful tool in slowing the damage, and lowering the body count.

Okay, you would first need to port it to win32, but the idea is there.
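The whole argument above rests on one measurable property: whether a library's load address actually differs from one process launch to the next. The following is an added example (not from the thread or from the prelink project) that parses `/proc/<pid>/maps` output, records the base of a named library, and reports whether it moved across several runs; the `/proc/self/maps` layout is assumed to be the standard Linux one, and the two embedded maps excerpts are constructed samples with made-up addresses.

```python
"""Check whether a shared library's load address varies between process launches."""
import re
import subprocess
import sys
from typing import List, Optional

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def library_base(maps_text: str, needle: str) -> Optional[int]:
    """Return the lowest start address of any mapping whose path contains needle."""
    bases = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        start, _end, _perms, path = m.groups()
        if needle in path:
            bases.append(int(start, 16))
    return min(bases) if bases else None


def sample_bases(needle: str, runs: int) -> List[int]:
    """Launch a fresh interpreter `runs` times and collect the base of needle each time."""
    bases = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, "-c", "print(open('/proc/self/maps').read())"],
            capture_output=True, text=True, check=True).stdout
        base = library_base(out, needle)
        if base is not None:
            bases.append(base)
    return bases


def randomization_verdict(bases: List[int]) -> str:
    """Summarise a list of observed bases: did the library move between runs?"""
    if len(bases) < 2:
        return "insufficient samples"
    return "randomized" if len(set(bases)) > 1 else "fixed address"


# Constructed sample excerpts (made-up addresses) showing libc at two different bases.
SAMPLE_RUN_A = """7f3a1c000000-7f3a1c1a0000 r--p 00000000 08:01 1234 /usr/lib/libc.so.6
7f3a1c1a0000-7f3a1c300000 r-xp 001a0000 08:01 1234 /usr/lib/libc.so.6
7ffd2e100000-7ffd2e121000 rw-p 00000000 00:00 0 [stack]"""
SAMPLE_RUN_B = """7f91d4000000-7f91d41a0000 r--p 00000000 08:01 1234 /usr/lib/libc.so.6
7f91d41a0000-7f91d4300000 r-xp 001a0000 08:01 1234 /usr/lib/libc.so.6
7ffcc0a00000-7ffcc0a21000 rw-p 00000000 00:00 0 [stack]"""

if __name__ == "__main__":
    lib = sys.argv[1] if len(sys.argv) > 1 else "libc"
    live = sample_bases(lib, 5)
    print(f"{lib}: {len(set(live))} distinct base(s) in {len(live)} runs -> {randomization_verdict(live)}")
```

A "fixed address" verdict on a live system means a payload that hard-codes that library's address would work on every launch, which is exactly the situation the post wants to avoid.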
jipman
post May 13 2005, 11:09 AM
Post #2
Okay, let's say it gets ported to win32.

Then should one prelink Windows too? (I mean the services.) If every single copy of the file is slightly different, would it still be possible to make patches that fix all of those copies?
qwijibow
post May 14 2005, 09:37 PM
Post #3
Nope, that's what the undo feature is there for.

prelink --undo ; patch ; prelink

QUOTE
-u --undo
              Revert binaries and libraries to their original content before
              they were prelinked. Without -a option this causes only the
              binaries and libraries specified on the command line to be
              reverted to their original state (and e.g. not their dependencies).
              If used together with -a option all binaries and libraries from
              command line, all their dependencies, all binaries found in
              directories specified on command line and in config file and all
              their dependencies will be undone.
tansqrx
post May 16 2005, 10:11 PM
Post #4
I will give you the point that it will be harder to implement some payloads, but it will be far from eliminating the problem as a whole. One common technique used is the NOP slide. Simply pad the payload with NOPs until the code gets to the correct memory address. Also, does this address using very common libraries, which many popular exploits use to break out of a certain memory space?