@feld @inference @Moon ASLR can help against a handful of exploits and usually requires a way to bypass it (ROPchains basically stop working if the code is ASLR'd, so you need a leak + a way to generate the ROPchain after that leak, which usually implies Turing completeness is needed to do math and prepare the exploit, etc)
fake vtables end up suffering from the same problem, heap funnies become a real pain, UAFs are less powerful on their own, etc...
it's really not a useless mitigation, but it really has to be done right, and it almost never is because there's almost always a range of predictable or statically addressed memory on Unix/Win32 systems; they weren't designed with that in mind from the ground up and they prefer to keep backwards compatibility
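A defender-side check for the "statically addressed memory" point above, added here as an example and not the poster's code: a small Python scanner that reads ELF headers to flag executables linked at a fixed address (ET_EXEC, i.e. non-PIE), which cannot be moved by ASLR, and reports the kernel's randomize_va_space policy. The two sample headers are constructed for the demonstration, not taken from real binaries.

```python
import struct
from pathlib import Path
from typing import Dict, Iterable, List, Optional

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3  # e_type values: fixed-address executable vs. relocatable (PIE/shared)


def elf_type(header: bytes) -> Dict[str, object]:
    """Decode class, endianness and e_type from the first 20 bytes of an ELF file.

    For an executable, e_type == ET_DYN means it was linked as PIE and the loader
    can place it at a random base; ET_EXEC means text and data live at the fixed
    addresses baked into the file, a predictable region ASLR cannot move.
    """
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    endian = "<" if header[5] == 1 else ">"          # EI_DATA: 1 = little, 2 = big endian
    (e_type,) = struct.unpack(endian + "H", header[16:18])
    return {
        "class": 64 if header[4] == 2 else 32,       # EI_CLASS: 2 = ELF64, 1 = ELF32
        "e_type": e_type,
        "pie": e_type == ET_DYN,
    }


def scan_for_fixed_address_binaries(paths: Iterable[Path]) -> List[str]:
    """Return the paths of readable ELF files that were linked at a fixed address (ET_EXEC)."""
    fixed = []
    for p in paths:
        try:
            with open(p, "rb") as f:
                info = elf_type(f.read(20))
        except (OSError, ValueError):
            continue  # unreadable or not an ELF file: skip it
        if info["e_type"] == ET_EXEC:
            fixed.append(str(p))
    return fixed


def randomize_va_space() -> Optional[int]:
    """Kernel ASLR policy on Linux (0 off, 1 partial, 2 full); None when unavailable."""
    try:
        return int(Path("/proc/sys/kernel/randomize_va_space").read_text().strip())
    except (OSError, ValueError):
        return None


# Constructed sample headers (first 20 bytes of an x86-64 little-endian ELF), not real binaries.
PIE_HEADER = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", ET_DYN, 0x3E)
FIXED_HEADER = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack("<HH", ET_EXEC, 0x3E)

if __name__ == "__main__":
    import sys
    print("randomize_va_space:", randomize_va_space())
    for path in scan_for_fixed_address_binaries(Path(a) for a in sys.argv[1:]):
        print("fixed-address (non-PIE) binary:", path)
```

Run it with a list of executables as arguments; any path it prints is a binary whose mapping will be at the same address on every run regardless of the kernel setting.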