On 2/27/18 9:52 PM, Kees Cook wrote: > I'd like more details on the threat model here; if it's just a matter > of .so loading order, I wonder if load order randomization would get a > comparable level of uncertainty without the memory fragmentation,
This also seems to assume that leaking the address of one single library isn't enough to mount a ROP attack to either gain enough privileges or generate a primitive that can leak further information. Is this really the case? Do you have some further data around this? - twiz
