nRANDEXEC
nRandomizes the placement of code in ET_EXEC
binaries.
nUses the same segmentation feature as SEGMEXEC.
nCode in an ET_EXEC binary is mirrored at a random
location. The code still exists as data in the data segment.
nWhen execution of the program enters the binary image, a
page fault is raised and
analyzed.
nThe analysis checks to see if the entry into the binary
image was legitimate or caused by
a ret-to-libc style attack. If it was
legitimate, execution is redirected
into the randomized mirror; otherwise, the application is killed.
nRANDEXEC can cause false positives in certain
applications. Also since it does not randomize data in the binary, it is not a
replacement for ET_DYN. RANDEXEC was developed merely as a proof of
concept.