Hopefully the future "pointer encryption" routines in libc will help head this off as well. Patches are welcome, though I suspect, as you say, there are many more things beyond just "/bin/sh" in the libc code, including possible register build-up chaining[1], which would be nearly impossible to stop without lots of work.
Hopefully the future "pointer encryption" routines in libc will help head this off as well. Patches are welcome, though I suspect, as you say, there are many more things beyond just "/bin/sh" in the libc code, including possible register build-up chaining[1], which would be nearly impossible to stop without lots of work.
[1] http:// www.suse. de/~krahmer/ no-nx.pdf