Phrack has you covered, eg: from 2001:
The advanced return-into-lib(c) exploits: PaX case study by Nergal <nergal@owl.openwall.com>
http://phrack.org/issues/58/4.html#article
Think I actually looked at this and an (at the time) recent 0day for opensshd that was found and written up by a couple of Finnish students - as a motivational presentation for PaX and/or grsecurity while at university.
Phrack has you covered, eg: from 2001:
The advanced return-into-lib(c) exploits: PaX case study by Nergal <nergal@owl.openwall.com>
http://phrack.org/issues/58/4.html#article
Think I actually looked at this and an (at the time) recent 0day for opensshd that was found and written up by a couple of Finnish students - as a motivational presentation for PaX and/or grsecurity while at university.