From: Nate Lawson (nateroot.org)
Date: Thu Feb 04 2010 - 23:51:39 CST
Alexander Sotirov wrote:
> On Thu, Feb 04, 2010 at 08:06:33PM +0100, Thierry Zoller wrote:
>>> now, after reading the paper let me know if it requires a 'fix' as you
>>> said, or a re-design/engineering and re-implementation of the JIT
>>> itself. ;)
>> Does not compute either. By "fix" I obviously assumed "redesign/engineer"
>> the JIT. The point was that ASLR/DEP is not dead because of error in a
> Are you making the claim that JIT spraying can be stopped by redesigning the
> JIT? How exactly would you redesign the JIT to avoid inserting bytes controlled
> by the attacker into the generated instruction stream?
This is one reason why I expect the techniques of software protection to
become more widespread in general-purpose systems. Things like
obfuscation, heap randomization, integrity self-checks, linker module
encryption, etc. were once the domain of copy protection systems or the
But if your JIT compiler starts generating randomized, obfuscated native
code with embedded self-checks, now it starts getting harder to use the
output in a predictable way. I see this as a natural extension of the
process that started with ASLR.
Dailydave mailing list
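As an added illustration (not from Lawson's post, Sotirov's, or any real JIT), the toy C emitter below shows the problem Sotirov names, a script-chosen constant copied verbatim into native code, beside constant blinding, one concrete form of the randomized code generation Lawson describes. The two opcode encodings are real IA-32; the emitter, the tiny interpreter, the wrapper functions and the key value are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Toy emitter for two IA-32 instructions (real encodings):
 *   B8 imm32 -> mov eax, imm32      35 imm32 -> xor eax, imm32
 * Copying a script-chosen constant verbatim lets that script pick four
 * consecutive bytes of native code. Constant blinding emits imm ^ key and
 * re-xors with key: eax is unchanged, but the chosen bytes never appear.
 * Emitter, interpreter and key are constructed for this example. */
static void put32(uint8_t *out, uint32_t v) {          /* little-endian */
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get32(const uint8_t *in) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | in[i];
    return v;
}
/* Unblinded: 5 bytes, constant copied straight into the instruction stream. */
size_t emit_plain(uint8_t *out, uint32_t imm) {
    out[0] = 0xB8; put32(out + 1, imm);
    return 5;
}
/* Blinded: 10 bytes. A real JIT draws key from a CSPRNG for every constant. */
size_t emit_blinded(uint8_t *out, uint32_t imm, uint32_t key) {
    out[0] = 0xB8; put32(out + 1, imm ^ key);
    out[5] = 0x35; put32(out + 6, key);
    return 10;
}
/* Interpreter for just those two opcodes; returns the final eax. */
uint32_t run(const uint8_t *code, size_t len) {
    uint32_t eax = 0;
    for (size_t pc = 0; pc + 5 <= len; pc += 5) {
        if (code[pc] == 0xB8) eax = get32(code + pc + 1);
        else if (code[pc] == 0x35) eax ^= get32(code + pc + 1);
    }
    return eax;
}
/* Does the chosen 4-byte sequence occur contiguously anywhere in the code? */
int contains(const uint8_t *code, size_t len, uint32_t needle) {
    uint8_t pat[4]; put32(pat, needle);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(code + i, pat, 4) == 0) return 1;
    return 0;
}
/* Wrappers: 1 if the chosen bytes survive in the emitted code; and the eax result. */
int plain_leaks(uint32_t imm) { uint8_t b[16]; size_t n = emit_plain(b, imm); return contains(b, n, imm); }
int blinded_leaks(uint32_t imm, uint32_t key) { uint8_t b[16]; size_t n = emit_blinded(b, imm, key); return contains(b, n, imm); }
uint32_t blinded_eax(uint32_t imm, uint32_t key) { uint8_t b[16]; size_t n = emit_blinded(b, imm, key); return run(b, n); }
```

A fixed key is used only so the check is deterministic; with a zero or predictable key the blinded form leaks exactly like the plain one, which is why the key must be fresh and unpredictable per emitted constant.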