Correct - the problem at the moment is that on every machine, things like the C runtime always load in exactly the same place in the per-process address space. This makes writing exploits that say, buffer-overrun into running a C runtime command, really easy.

ASLR makes this much harder because n...

[ more ]