qwijibow, posted May 13, 2005

Many exploits, especially against network services, are buffer overflows. Often, once a buffer overflow is detected, a payload file containing the correct conditions to cause the overflow and to inject the correct machine code into memory is generated. This payload has to be carefully crafted to cause the correct jump to the correct address.

The problem, especially with closed-source applications, is that every program is the same (same exe for the same program version). So why not run an application similar to prelink to make each program's internal structure slightly different? A vulnerable software version would still be vulnerable, but no two computers could be hacked using the same payload, and an attempt to use an incorrectly crafted buffer overflow payload would hopefully crash the server (which is better than getting hacked, and forces the admins to apply the updates/patches).

I started thinking about this after reading the man page of prelink:

DESCRIPTION
prelink is a program which modifies ELF shared libraries and ELF dynamically linked binaries, so that the time which dynamic linker needs for their relocation at startup significantly decreases and also due to fewer relocations the run-time memory consumption decreases too (especially number of unshareable pages). Such prelinking information is only used if all its dependent libraries have not changed since prelinking, otherwise programs are relocated normally.

OPTIONS:
-R --random
When assigning addresses to libraries, start with random address within architecture dependent virtual address space range. This can make some buffer overflow attacks slightly harder to exploit, because libraries are not present on the same addresses across different machines. Normally, assigning virtual addresses starts at the bottom of architecture dependent range.

This may be useless against manual hacks, but against automated viruses this could be a powerful tool in slowing the damage and lowering the body count. Okay, you would first need to port it to win32, but the idea is there.
jipman, posted May 13, 2005

Okay, let's say it gets ported to win32. Then should one prelink Windows too? (I mean the services.) If every single copy of the file is slightly different, would it still be possible to make patches that fix all of those copies?
qwijibow, posted May 14, 2005

Nope, that's what the undo feature is there for: prelink --undo ; patch ; prelink

-u --undo
Revert binaries and libraries to their original content before they were prelinked. Without -a option this causes only the binaries and libraries specified on the command line to be reverted to their original state (and e.g. not their dependencies). If used together with -a option all binaries and libraries from command line, all their dependencies, all binaries found in directories specified on command line and in config file and all their dependencies will be undone.
tansqrx, posted May 16, 2005

I will give you the point that it will be harder to implement some payloads, but it will be far from eliminating the problem as a whole. One common technique used is the NOP slide: simply pad the payload with NOPs until the code gets to the correct memory address. Also, does this address using very common libraries, which many popular exploits use to break out of a certain memory space?
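The trade-off tansqrx describes can be seen in a small simulation: a NOP sled lets the same hardcoded return address still land on the shellcode when the target moves by less than the sled length, while a shift larger than the sled (the kind a per-machine randomization such as prelink -R produces) turns the identical payload into a crash, which is the outcome qwijibow was hoping for. The C below is an added example written for this thread, not code from the posters or from prelink: the addresses, the set of per-machine placements and the payload layout are constructed, the 0xCC byte stands in for the first byte of real shellcode, and nothing is actually executed, only walked byte by byte. Note that prelink -R moves shared libraries, not the stack, so read the "buffer at a randomized base" as any placement the payload's hardcoded address depends on.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NOP_BYTE        0x90   /* x86 single-byte NOP */
#define SHELLCODE_BYTE  0xCC   /* stand-in for the first byte of real shellcode (constructed) */
#define MAX_PAYLOAD     256

enum outcome { CRASHED = 0, HIT_SHELLCODE = 1 };

/* A simulated process image: the overflowed buffer is mapped at `base`
 * and holds sled_len NOPs followed by one shellcode marker byte. */
struct image {
    uint64_t base;
    size_t   len;
    uint8_t  bytes[MAX_PAYLOAD];
};

/* Lay the payload out at `base`. Returns 0 on success, -1 if the sled does not fit. */
static int build_image(struct image *img, uint64_t base, size_t sled_len)
{
    if (sled_len + 1 > MAX_PAYLOAD) return -1;
    memset(img->bytes, NOP_BYTE, sled_len);
    img->bytes[sled_len] = SHELLCODE_BYTE;
    img->base = base;
    img->len  = sled_len + 1;
    return 0;
}

/* "Execute" from the address the smashed return slot points at: step over
 * NOPs until the shellcode marker is reached. An unmapped address or any
 * other byte counts as a crash (the server dies instead of being owned). */
static enum outcome run_from(const struct image *img, uint64_t target)
{
    if (target < img->base || target >= img->base + img->len)
        return CRASHED;                     /* outside the buffer entirely */
    for (size_t pc = (size_t)(target - img->base); pc < img->len; pc++) {
        if (img->bytes[pc] == SHELLCODE_BYTE) return HIT_SHELLCODE;
        if (img->bytes[pc] != NOP_BYTE)      return CRASHED;  /* garbage opcode */
    }
    return CRASHED;
}

/* One delivery of a fixed payload. The attacker built the return address
 * for a buffer at `expected_base`, aiming at the middle of the sled; on
 * this particular machine the buffer actually sits at `actual_base`. */
static enum outcome deliver(uint64_t expected_base, uint64_t actual_base, size_t sled_len)
{
    struct image img;
    if (build_image(&img, actual_base, sled_len) != 0) return CRASHED;
    uint64_t hardcoded_ret = expected_base + sled_len / 2;
    return run_from(&img, hardcoded_ret);
}

/* How many of n randomized placements the same payload still exploits. */
static int count_hits(uint64_t expected_base, const uint64_t *actual_bases,
                      size_t n, size_t sled_len)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (deliver(expected_base, actual_bases[i], sled_len) == HIT_SHELLCODE) hits++;
    return hits;
}

int main(void)
{
    const uint64_t want = 0xbffff400;   /* address the payload was built for (constructed) */
    /* Constructed sample of per-machine placements: small shifts and page-sized ones. */
    const uint64_t placements[] = { want, want - 0x10, want + 0x20, want - 0x60,
                                    want - 0x1000, want + 0x4000 };
    size_t n = sizeof placements / sizeof placements[0];

    printf("no sled:       %d/%zu machines exploited\n", count_hits(want, placements, n, 0), n);
    printf("64-byte sled:  %d/%zu machines exploited\n", count_hits(want, placements, n, 64), n);
    printf("200-byte sled: %d/%zu machines exploited\n", count_hits(want, placements, n, 200), n);
    return 0;
}
```

Compile with `cc -std=c99 -Wall sled_sim.c` (the file name is mine). Without a sled only the machine whose placement matches exactly is exploited; the 64-byte sled absorbs the 16- and 32-byte shifts, the 200-byte sled also absorbs the 96-byte one, and neither survives the page-sized shifts. That is the practical reading of both posts: a sled buys tolerance only up to its own length, so what matters for the defence is how wide a range the per-machine randomization spans, not whether a sled is present.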