When considering heap overflows in the context of "Linux",
the (old) w00w00 article is the standard reference. When it comes
to heap overflow protection, I am always pointed towards Pitbull
(SuSE, RedHat) or grsecurity (via PAX: also randomisation of
heap base). I also stumbled upon wkr Heap protection. What about
RSBAC? Does it work (I have no idea)?
Hence, a lot of options, but has anyone experience with them?
Are they "common" (again, indicating my ignorance - I just realised
I wasn't bothered with this for a long time)?
And - are these methods a reasonable approach anyway?
What about "compartmentalization and separation of processes"
approaches (as in SELinux and flavours)? Is this the future or
already present day?
(the idea behind: remove one of the necessary conditions and a vulnerability
just becomes a security flaw. The heap overflow ceases to be exploitable.)
P.S. I also realised it is much harder to ask questions than to answer them.
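For readers who want to see the primitive the question is about before weighing the protection schemes it lists, here is a small added example, not code from the post or from any of the projects it names (Pitbull, grsecurity/PaX, RSBAC, SELinux). It shows an unchecked copy into one heap chunk spilling into the neighbouring chunk and flipping a flag stored there, next to the same copy with a bounds check against the chunk's own size. The layout is a constructed simplification: two fixed-size chunks are carved out of one calloc'd region so that adjacency is deterministic and every write stays inside memory the program owns; real allocator headers and the function names (`set_name_vuln`, `set_name_safe`, `flag_after_copy`) are assumptions of this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not code from the post or from any of the projects it
 * names. Two fixed-size "chunks" are carved out of a single calloc'd region so
 * that their adjacency is deterministic and every write in the demo stays
 * inside memory we own; a real allocator places chunks next to each other in
 * much the same way, but with in-band chunk headers that are omitted here. */

#define CHUNK_SIZE 16
#define ARENA_SIZE (2 * CHUNK_SIZE)
#define NAME_OFF   0            /* chunk 1: a name copied from untrusted input */
#define ADMIN_OFF  CHUNK_SIZE   /* chunk 2: its first byte is an is_admin flag */

typedef int (*setter_fn)(unsigned char *arena, const unsigned char *src, size_t len);

/* Vulnerable: trusts the caller-supplied length, so a copy longer than
 * CHUNK_SIZE runs off the end of chunk 1 and into chunk 2. The only check is
 * against the whole arena, which keeps the demo out of undefined behaviour;
 * it is not a check the author of such a bug would have written. */
int set_name_vuln(unsigned char *arena, const unsigned char *src, size_t len)
{
    if (len > ARENA_SIZE)
        return -1;
    memcpy(arena + NAME_OFF, src, len);
    return 0;
}

/* Hardened: the length is checked against the chunk the data is written into,
 * so the write can never reach the neighbouring chunk. */
int set_name_safe(unsigned char *arena, const unsigned char *src, size_t len)
{
    if (len > CHUNK_SIZE)
        return -1;
    memcpy(arena + NAME_OFF, src, len);
    return 0;
}

int is_admin(const unsigned char *arena)
{
    return arena[ADMIN_OFF] != 0;
}

/* Builds a constructed payload one byte longer than chunk 1, whose last byte
 * would land on the is_admin flag, runs the given setter and reports the flag
 * afterwards: 1 if it was flipped, 0 if it survived, -1 on allocation failure.
 * If rc_out is non-NULL it receives the setter's return value. */
int flag_after_copy(setter_fn setter, int *rc_out)
{
    unsigned char payload[CHUNK_SIZE + 1];
    unsigned char *arena = calloc(1, ARENA_SIZE);
    int rc, flipped;

    if (arena == NULL)
        return -1;
    memset(payload, 'A', CHUNK_SIZE);   /* fills chunk 1 exactly */
    payload[CHUNK_SIZE] = 1;            /* the one byte that crosses into chunk 2 */

    rc = setter(arena, payload, sizeof payload);
    flipped = is_admin(arena);
    free(arena);
    if (rc_out != NULL)
        *rc_out = rc;
    return flipped;
}

/* Convenience wrapper returning only the setter's return code. */
int copy_result(setter_fn setter)
{
    int rc = -2;
    flag_after_copy(setter, &rc);
    return rc;
}

int main(void)
{
    int rc, flag;

    flag = flag_after_copy(set_name_vuln, &rc);
    printf("unchecked copy: rc=%d is_admin=%d\n", rc, flag);
    flag = flag_after_copy(set_name_safe, &rc);
    printf("checked copy:   rc=%d is_admin=%d\n", rc, flag);
    return 0;
}
```

The unchecked version accepts the 17-byte input and the flag in the adjacent chunk comes back set; the checked version rejects it and the flag stays clear. Heap base randomisation or a MAC policy of the kind the question asks about does not remove this write, it only changes what an attacker can do once the neighbouring data is corrupted, which is the distinction the post's closing remark is drawing.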