All ASLR-style defences have entirely practical statistical attacks, so if the threat you're modelling wouldn't be phased by that then it's worthless /for that model/. This is a contrast to something like W^X which isn't statistical, an attack that's stopped by W^X is stopped, maybe it can be re-activated by another route, but it can't just be retried (or used against more hosts) with the expectation that it will eventually work.
I make the distinction _entirely practical_ because there are theoretical statistical attacks against a lot of things which we can discount. We quite reasonably don't consider "just guessing" a 128 bit AES secret key to be a practical attack on a scheme using AES encryption for example.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds