This page shows where stopping points are placed with the security enhancements suggested by D:SbD. Not all attack vectors are dampened; it is still possible, for example, to exploit a badly designed e-mail client which by default automatically runs attached Perl scripts setuid root without asking. Other buffer overflow attacks, possibly heap-based ones, may alter data such as the IP addresses a program makes connections to, allowing an attacker to have programs send them sensitive information.
(1) Stack Smashes are prevented by Stack Smash Protection.
(2) Pointer Corruption from stack smashes, which can affect the program before the "guard" value is checked, can also be prevented with Stack Smash Protection. The IBM Stack Smash Protector copies pointers in function arguments to local variables below buffers.
(3) Return to Libc attacks are prevented by the ASLR in PaX. A system should deploy Position Independent Executables to complete the randomization by allowing PaX to easily map the base of the executable binary at a randomly chosen offset.
(4) Code Injection is impossible to perform directly due to the executable space protections enforced under PaX. Indirect code injection can be done by writing code to a file and using mmap() to map the file in as executable, or by creating and executing scripts; however, this requires repeated successful Return to Libc attacks.
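
As an added example (not part of the original page or of any D:SbD tooling), the following Python script reads an ELF image and reports the build-time properties these stopping points depend on: a stack-guard symbol for (1) and (2), a position independent executable for (3), and a non-executable stack marking related to (4). The function names and the sample images are constructed for illustration; the stack check reads the toolchain's generic PT_GNU_STACK header rather than PaX's own per-binary flags, and the guard check is a string-match heuristic.

```python
import struct

ET_DYN = 3                 # e_type of a PIE (shared objects use it too)
PT_GNU_STACK = 0x6474E551  # program header carrying stack permissions
PF_X = 1                   # "executable" bit in p_flags
# Guard-failure symbols: GCC's SSP and the older IBM ProPolice handler name.
SSP_SYMBOLS = (b"__stack_chk_fail", b"__stack_smash_handler")

def audit_elf(data):
    """Return hardening flags read from the bytes of an ELF file."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little-endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                       # p_flags follows p_type in ELF64
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                      # p_flags sits near the end in ELF32
    nx_stack = False   # no PT_GNU_STACK header: treated as not marked
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, base + flags_off)
            nx_stack = not (p_flags & PF_X)
    return {
        "pie": e_type == ET_DYN,
        "nx_stack": nx_stack,
        "ssp": any(s in data for s in SSP_SYMBOLS),  # heuristic string match
    }

def make_sample(e_type, stack_flags, strings=b""):
    """Constructed minimal ELF64 little-endian image, for demonstration only."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr + strings

if __name__ == "__main__":
    # Constructed samples: a hardened PIE and a fixed-address legacy build.
    print(audit_elf(make_sample(ET_DYN, 6, b"__stack_chk_fail\0")))
    print(audit_elf(make_sample(2, 7)))
```

To audit a real binary, pass the contents of the file, for example `audit_elf(open(path, "rb").read())`.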