This is only partly obfuscation. Making variables read-only and restricting some rarely used, highly exploitable functions definitely isn't.
Also, this randomization, though useless in theory, makes practical ecploitation far harder. It's like saying your lock screen is useless because your attacker has physical access. It's true, but it works in 99,999% percent of the cases anyway.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: IMO you can't solve security by adding more stuff
Date: 2016-07-03 08:58 pm (UTC)Also, this randomization, though useless in theory, makes practical ecploitation far harder. It's like saying your lock screen is useless because your attacker has physical access. It's true, but it works in 99,999% percent of the cases anyway.