Summary


Attacker faces the following difficulties:

1.   Must guess 32 bit number to overwrite frame pointer or return address
2.   Flags/pointers are below buffers in stack frames
3.   Nothing writeable in the address space is executable
4.   signal() trampoline is not writeable
5.   GOT, PLT, and dtor are not writeable
6.   const data is not executable
7.   atexit() and stdio _cleanup vectors are not writeable
8.   Shared libraries mapped at different addresses each time
9.   malloc() and mmap() provide randomized allocation
10.   malloc() and mmap() put in guard pages (incomplete)
11.   Top of stack is randomly biased
12.   Many privileged daemons or programs revoke that privilege
13.   Other privileged daemons or programs separate the privileges into
        another process