Bypass Canary

Question

If we enable ASLR, can we still exploit the stack_protector program?

• no, because the address of pawned is going to be different for every run.

• yes, because ASLR cannot work well when the canary is activated.

• yes, because ASLR randomizes the start address of a section, but the offsets remain the same.

• no, because the address to which addr points to is going to be random