From: Nate Lawson (nate root.org)
Date: Thu Feb 04 2010 - 23:51:39 CST
Alexander Sotirov wrote:
> On Thu, Feb 04, 2010 at 08:06:33PM +0100, Thierry Zoller wrote:
>>> now, after reading the paper let me know if it requires a 'fix' as you
>>> said, or a re-design/engineering and re-implementation of the JIT
>>> itself. ;)
>> Does not compute either. By "fix" I obviously assumed "redesign/engineer"
>> the JIT. The point was that ASLR/DEP is not dead because of an error in a
>> JIT.
>
> Are you making the claim that JIT spraying can be stopped by redesigning the
> JIT? How exactly would you redesign the JIT to avoid inserting bytes controlled
> by the attacker into the generated instruction stream?
This is one reason why I expect the techniques of software protection to
become more widespread in general-purpose systems. Things like
obfuscation, heap randomization, integrity self-checks, linker module
encryption, etc. were once the domain of copy protection systems or the
like.
But if your JIT compiler starts generating randomized, obfuscated native
code with embedded self-checks, now it starts getting harder to use the
output in a predictable way. I see this as a natural extension of the
process that started with ASLR.
--
Nate
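One concrete form of the randomized JIT output Nate describes is constant blinding, which the thread does not name: an untrusted immediate is XORed with a per-emission random key before it is placed in the instruction stream, and a second instruction undoes the mask at run time. The toy x86 emitter below is an added example, not code from the thread or from any real JIT; it assumes the untrusted value is a 32-bit immediate that a script can make the JIT embed in `mov eax, imm32`.

```python
"""Toy x86 emitter contrasting a naive immediate with a blinded one.

Constructed example. Opcode encodings used: B8 imm32 = mov eax, imm32;
35 imm32 = xor eax, imm32 (both little-endian immediates).
"""
import secrets
import struct
from typing import Optional


def emit_mov_eax_naive(imm: int) -> bytes:
    """mov eax, imm32: the untrusted 4 bytes land verbatim in executable memory."""
    return b"\xb8" + struct.pack("<I", imm & 0xFFFFFFFF)


def emit_mov_eax_blinded(imm: int, key: Optional[int] = None) -> bytes:
    """mov eax, (imm ^ key); xor eax, key.

    eax ends up holding imm, but neither instruction carries the
    attacker-chosen bytes unchanged. A fresh key is drawn per constant
    unless the caller supplies one (the tests pass a fixed key).
    """
    if key is None:
        key = secrets.randbits(32)
        while key == 0:            # a zero key would leave imm unmasked
            key = secrets.randbits(32)
    imm &= 0xFFFFFFFF
    return (b"\xb8" + struct.pack("<I", imm ^ key)
            + b"\x35" + struct.pack("<I", key))


def contains_untrusted_bytes(code: bytes, imm: int) -> bool:
    """True if the untrusted immediate appears contiguously in the code."""
    return struct.pack("<I", imm & 0xFFFFFFFF) in code


def execute_eax(code: bytes) -> int:
    """Minimal interpreter for the two opcodes above; returns the final eax.

    Used only to confirm that both emission forms compute the same value.
    """
    eax, i = 0, 0
    while i < len(code):
        op = code[i]
        (val,) = struct.unpack("<I", code[i + 1:i + 5])
        if op == 0xB8:
            eax = val
        elif op == 0x35:
            eax ^= val
        else:
            raise ValueError(f"unexpected opcode {op:#x}")
        i += 5
    return eax
```

Blinding only covers immediates; a JIT that wants the rest of its output to be unpredictable still needs the other measures Nate lists (layout randomization, self-checks), which this snippet does not model.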
Dailydave mailing list
http://lists.immunitysec.com/mailman/listinfo/dailydave