Three different rebasing scenarios: (1) other people's compiled code (2) other people's source code (3) your own code Points: A. There are better things to do in the case of (2) and (3) than rebase the binary. B. In the case of (1) rebasing offers some value in certain circumstances, particularly if you have access to the source (2) -- in which case point A applies and you shouldn't bother with rebasing somebody else's binary. Rebase the entire build, and throw in a boatload of NOPs and other spaghetti. The less predictable your binaries are from the perspective of a remote attacker, the better. C. Remember the threat: uncontrolled/arbitrary remote procedure calls. Don't let them happen in the first place. Authenticate every caller. Filter and block all anonymous callers. Stop the bits from entering your box (or process space) in the first place. D. Don't allow compiled code to execute on your box unless it has been authorized to execute in advance based on its hash code. E. If code is vulnerable, don't use it. Jason Coombs jasonc@science.org
