There are good reasons for extensible architectures. No changes are needed in this respect; we simply must restrict the scope of that extensibility at run-time to authorized add-on modules. Other programmers can make it easier for us to do so by adding some forensic profiling code to their programs, but this is not necessary to achieve substantially-improved practical control over the extensible code modules we allow to execute, including the ability to detect when arbitrary malicious code succeeds in overflowing a buffer and smashing the stack. Every path through third-party code that we have not profiled and explicitly authorized is simply denied by default, including portions of third-party code that are not harmful or of malicious foreign origin, so that in essence the defense says:

"We will only allow code to execute that we have previously executed during forensic testing. Everything else is denied by default until we analyze its origin and intended function."

Jason Coombs
[EMAIL PROTECTED]

-----Original Message-----
From: Michael Wojcik [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 10:43 PM
To: BugTraq
Cc: [EMAIL PROTECTED]; Nicholas Weaver
Subject: RE: Observation on randomization/rebiasing...

> From: Jason Coombs [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 05, 2003 5:08 PM
>
> A properly security-hardened binary DOES NOT require support
> for arbitrary relocations, arbitrary dynamic library injection,
> arbitrary code injection resulting in new execute paths defined at
> run-time, and the type of programmability required by software
> developers. Once code has been compiled and linked, even when that
> code makes use of dynamic libraries, there is no longer any unknown.

There are plenty of examples of programs and libraries that by design load and execute independently-developed code: browser plugins, ISAPI, and so forth. Leaving aside for the moment the question of whether this is a Good Thing, or whether it fits someone's definition of "a properly security-hardened binary", it's certainly a popular approach. The security community has not to date had much luck convincing users and programmers to adopt even its uncontroversial recommendations; I doubt you'll get any traction with this one.

Michael Wojcik
Principal Software Systems Developer, Micro Focus
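The deny-by-default rule Coombs states above, reduced to its simplest form, is an allowlist of add-on modules: a plugin loads only if its exact bytes were recorded during a prior authorization run, and anything else is refused. The following loader is an added example written for this page; it is not code from the thread or from either author. The plugin sources, the allowlist and the module names are constructed for the demo, and it covers only module-level authorization (which bytes may be loaded), not the run-time path profiling or stack-smash detection the post also mentions.

```python
"""Deny-by-default plugin loader: load only previously authorized module bytes.

Added example for the BugTraq thread above, not the authors' code.
Plugin sources, names and the allowlist are constructed for the demo.
"""
import hashlib
import os
import tempfile
import types
from typing import Dict

# Constructed plugin sources. The first is what the "forensic testing" run
# authorized; the second is an unknown add-on that was never profiled.
AUTHORIZED_PLUGIN_SOURCE = b"def run():\n    return 'authorized plugin executed'\n"
UNKNOWN_PLUGIN_SOURCE = b"def run():\n    return 'this should never run'\n"


def digest(data: bytes) -> str:
    """SHA-256 of the module bytes, the identity the allowlist is keyed on."""
    return hashlib.sha256(data).hexdigest()


# Constructed allowlist: module name -> digest of the exact bytes authorized.
# In practice this would be produced during the authorization run and stored
# read-only, out of reach of the modules it governs.
ALLOWLIST: Dict[str, str] = {"reporting": digest(AUTHORIZED_PLUGIN_SOURCE)}


class UnauthorizedModule(Exception):
    """Raised for any module that is not on the allowlist or whose bytes changed."""


def load_plugin(name: str, path: str, allowlist: Dict[str, str]) -> types.ModuleType:
    """Load a plugin only if its on-disk bytes match the authorized digest.

    The bytes are read once and both checked and executed from that single
    buffer, so a file swapped between check and load cannot slip through.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    expected = allowlist.get(name)
    actual = digest(data)
    if expected is None or actual != expected:
        # Deny by default: unknown name, unknown bytes, or a tampered file.
        raise UnauthorizedModule(f"{name}: digest {actual[:12]}... is not authorized")
    module = types.ModuleType(name)
    exec(compile(data, path, "exec"), module.__dict__)
    return module


def demo() -> Dict[str, str]:
    """Exercise the loader against an authorized, an unknown and a tampered plugin."""
    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "reporting.py")
        unknown = os.path.join(tmp, "helper.py")
        tampered = os.path.join(tmp, "reporting_tampered.py")
        for plugin_path, source in (
            (good, AUTHORIZED_PLUGIN_SOURCE),
            (unknown, UNKNOWN_PLUGIN_SOURCE),
            # Same name as the authorized module, but one appended line changes the digest.
            (tampered, AUTHORIZED_PLUGIN_SOURCE + b"# appended after authorization\n"),
        ):
            with open(plugin_path, "wb") as fh:
                fh.write(source)

        results["authorized"] = load_plugin("reporting", good, ALLOWLIST).run()
        for label, name, plugin_path in (
            ("unknown", "helper", unknown),
            ("tampered", "reporting", tampered),
        ):
            try:
                load_plugin(name, plugin_path, ALLOWLIST)
                results[label] = "loaded"
            except UnauthorizedModule:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    for outcome, status in demo().items():
        print(f"{outcome}: {status}")
```

Note that the same check, applied by the host to every module before it is mapped, is what turns "popular extensible approach" into "extensible only to what we have authorized": the unknown helper and the modified copy of an authorized module are both refused without any knowledge of what they would have done.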
