On Sat, Mar 25, 2017 at 10:17:21PM -0400, Mouse wrote:
> > [ASLR] is just one more check mark in the exploit building tool.
>
> Yes and no.
>
> It increases the work required to exploit any putative bugs.
Please read the constraints again. There are very few RCEs against the kernels. The normal and reasonable assumption is the ability to execute local code. If you can execute local code, you can silently defeat kernel ASLR. Silently in the sense that all it requires is less than one hour of computation, but without otherwise doing suspicious activity. It is not harder in any combinatorial sense, i.e. it is additive overhead. That's quite different from the typical attack scenario for a server.

Joerg