Bug#521482: closed by maximilian attems <max@stro.at> (Re: Bug#521482: linux-2.6: adopt hardening patches (execshield and grsecurity) into default kernel packages for squeeze)

[Michael Gilbert <michael.s.gilbert@gmail.com>]

> get them upstream merged
> see http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines

but doesn't it make sense to be proactive about security?  this isn't
really a security "fix", but it a security improvement.

i can't even fathom how to get this merged upstream since redhat has
been working on execshield for over 5 years or so and hasn't been
able to merge it themselves...

> or better use selinux and improve it!!

selinux has a different scope.  it doesn't do things like adress space
randomization and doesn't preventing stack smashing (which is what
execshield is designed for).  supposedly vista does this stuff really
well now, and it's dissapointing that linux is behind the curve (well
at least fedora has it, so part of the community has the extra
protection).