Difficulties facing the attacker

Attacker faces the following difficulties:

ProPolice: Must guess 32 bit number to overwrite frame pointer
                  or return address
ProPolice: Flags/pointers are below buffers in stack frames
W^X: Nothing writeable in the address space is executable
W^X: signal() trampoline is not writeable
W^X: GOT, PLT, and dtor are not writeable
W^X: const data is not executable
vectors are not writeable
sparc*: Must guess 32 bit number to overwrite return address
Shared libraries mapped at different addresses each time
malloc() and mmap() provide randomized allocation
malloc() and mmap() put in guard pages (mostly complete)
Many programs revoke their privilege
Many privileged programs separate their
    privileges into another process
Top of stack is randomly biased