Has similar work been done in FreeBSD been done? This would be a nice feature in 5.0-CURRENT. We had SecureBSD, and the IBM port of propolice, but both projects appear to be defunct at present. If we can integrate MAC into the kernel, why not port over OpenBSD's rebasing implementation from /src/sys/kern/kern_exec.c?
--jbl ----- Forwarded message from Eugene Tsyrklevich <[EMAIL PROTECTED]> ----- Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Id: <bugtraq.list-id.securityfocus.com> List-Post: <mailto:[EMAIL PROTECTED]> List-Help: <mailto:[EMAIL PROTECTED]> List-Unsubscribe: <mailto:[EMAIL PROTECTED]> List-Subscribe: <mailto:[EMAIL PROTECTED]> Delivered-To: mailing list [EMAIL PROTECTED] Delivered-To: moderator for [EMAIL PROTECTED] Date: Tue, 4 Feb 2003 03:34:32 -0800 From: Eugene Tsyrklevich <[EMAIL PROTECTED]> To: David Litchfield <[EMAIL PROTECTED]> Subject: Re: Preventing exploitation with rebasing User-Agent: Mutt/1.2.5i In-Reply-To: <006b01c2cc0b$78d7cb70$2501010a@recovery>; from [EMAIL PROTECTED] on Mon, Feb 03, 2003 at 09:08:35PM -0800 > Rebasing > ******* > The problem with operating systems is that they all have pretty much the > same "genetic code" which makes each and every one of them vulnerable to a > new exploit. So we need to make them different and this can be achieved > through rebasing. Rebasing is the process of changing the Image Base of an > image file. By doing this the DLL/EXE is loaded into a different location in > the virtual address space. Similar idea, applied to the location of stack, was implemented in OpenBSD. This is from OpenBSD CVS (August 2001): "Add a possibility to add a random offset to the stack on exec. This makes it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2)." http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_exec.c.diff?r1=1.54&r2=1.55 ----- End forwarded message ---- - To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
