Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables
Since the day it was proposed, return-oriented programming has shown to be an effective and powerful attack technique against the write or execute only (W - X) protection. However, a general belief in the previous research is, systems deployed with address space randomization where the executables are also randomized at run-time are able to defend against return-oriented programming, as the addresses of all instructions are randomized.
In this paper, we show that due to the weakness of current address space randomization technique, there are still ways of launching return-oriented programming attacks against those well-protected systems efficiently. We demonstrate and evaluate our attacks with existing typical web server applications and discuss possible methods of mitigating such threats.