Vista's Address Space Layout Randomizer

Shipping with Vista Beta 2, there is a new security feature called Address Space Layout Randomization (a.k.a. ASLR); other than being a mouthful, this helps defend against buffer overrun exploits. It does this by moving the entry points into the system DLLs around randomly in memory. It's all about odds: there are 256 locations a DLL can be loaded at, or in other words there is a 1/256 chance of guessing the address correctly. This will help make attacks such as return-to-libc (which start with a buffer overflow) harder. This of course is no excuse for writing poor code, nor a replacement for fixing the actual overruns found, but it would certainly go a long way in reducing automated attacks that rely on this kind of exploit.

There are some other new things that help make this more secure. VC++ features the new generation of the /GS switch (which adds runtime buffer overflow detection) and /SafeSEH (which enables the OS to kill a process where a raised exception handler's address does not match the list in the PE's header). There is also function pointer obfuscation, especially handy for long-lived pointers, where the pointer is kept encoded and decoded only just before it is needed.
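As an added illustration of the function pointer obfuscation idea (this is not code from the post or from Windows; the XOR-and-rotate scheme, the fixed constructed secret and the `register_handler`/`invoke_handler` names are my own assumptions), here is a minimal C version in which the long-lived slot holds only the encoded value and decoding happens right before the call:

```c
#include <stdint.h>
#include <inttypes.h>
#include <stdio.h>

/* Per-process secret. A real implementation draws this from a CSPRNG at
 * process start; a fixed constructed value keeps this demo reproducible. */
#define POINTER_SECRET ((uintptr_t)0x9E3779B97F4A7C15ULL)
#define PTR_BITS ((unsigned)(sizeof(uintptr_t) * 8))

static uintptr_t rotl(uintptr_t v, unsigned n) {
    n %= PTR_BITS;
    return n ? (v << n) | (v >> (PTR_BITS - n)) : v;
}
static uintptr_t rotr(uintptr_t v, unsigned n) {
    n %= PTR_BITS;
    return n ? (v >> n) | (v << (PTR_BITS - n)) : v;
}

/* Encode: XOR with the secret, then rotate by a secret-derived amount, so a
 * byte-granular corruption of the stored value does not land on a predictable
 * byte of the decoded pointer. decode_pointer reverses the two steps. */
uintptr_t encode_pointer(uintptr_t raw) {
    return rotl(raw ^ POINTER_SECRET, (unsigned)(POINTER_SECRET & 0x3Fu));
}
uintptr_t decode_pointer(uintptr_t encoded) {
    return rotr(encoded, (unsigned)(POINTER_SECRET & 0x3Fu)) ^ POINTER_SECRET;
}

/* A long-lived callback slot, as a program would keep in a global table.
 * It only ever holds the ENCODED pointer. */
typedef int (*handler_fn)(int);
static uintptr_t g_handler_slot;
static int increment_handler(int x) { return x + 1; }

void register_handler(handler_fn fn) { g_handler_slot = encode_pointer((uintptr_t)fn); }

/* Decode at the point of use only; the decoded value is never stored. */
int invoke_handler(int arg) {
    handler_fn fn = (handler_fn)decode_pointer(g_handler_slot);
    return fn(arg);
}

/* Defender's check: a plain code address written over the slot (the classic
 * corruption of a stored function pointer) does not decode to itself. */
int raw_write_survives_decode(uintptr_t code_address) {
    return decode_pointer(code_address) == code_address;
}

int main(void) {
    register_handler(increment_handler);
    printf("slot 0x%" PRIxPTR " -> invoke(41) = %d\n", g_handler_slot, invoke_handler(41));
    printf("raw address survives decode? %d\n", raw_write_survives_decode((uintptr_t)0x7FFE1234u));
    return 0;
}
```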

While I think this certainly is a step in the right direction, it is of course not perfect and, as I said earlier, it does not fix the problem of buggy code. It is important to point out the four areas this does not address: information leaks, partial address overwrites, brute force and non-relocated executables (such as EXEs). There are people working on these and there might be some solutions or workarounds that get implemented, but nevertheless this is all an interesting step. Not to mention, Windows finally also catches up with Linux on this. 🙂

If you want more details check out the following:

Published by

Amit Bahree
