CVE-2015-1593 – Linux ASLR integer overflow: Reducing stack entropy by four (hmarco.org)
20 points by adamnemecek on Feb 14, 2015 | 6 comments


This bug certainly needs patching, but its severity is very low. The lack of ASLR isn't in itself a security vulnerability.


ASLR turns some unsuccessful buffer overflow attacks into system crashes. About all that can be said for address space randomization is that it's better than doing nothing. It has the useful feature that it makes it harder to reproduce buffer overflow bugs, which allows developers to avoid the work of finding and fixing them.

"We must do something. This is something. Therefore we must do this." - Yes, Minister


That's pretty much what we're left with for unsafe code protection, eh? And still stuff gets through... I'm wondering why we don't have runtime code rewriting, where the loader reorders code fragments, inserts unconditional jumps in places, etc. to make exploitation harder.


It is suspected that Denuvo DRM does the whole in-memory rewriting.

Applying something like that to prevent memory-based abuse and such would be interesting.


> All Linux versions prior to 3.19-rc3 are affected.

I'm using 3.14.15 (and yes, I greatly enjoy the number) and I'm not affected.


I'm guessing "RandomCode" is a new username for "TempleOS"?



