None of those suggested techniques address stack cookies but okay, I’ll keep listening.
“We can overwrite parts of the heap, the problem is the heap is not executable on amd64 and arm64”
Doesn’t strike me as a misunderstanding at all—my current cpu/os combo also doesn’t ship with an executable heap. This strikes me as lazy editing, but not a clear misunderstanding.
Is the hardenedbsd web site's security feature comparison table up to date?
Edited to remove comment about my confusion that Carolinacon14 -> 2014; not the case. It's 2018.
It's misleading, if not outright inaccurate.