“The Openwall Project provides security related kernel patches
for Linux and BSD kernels. I read about this in Hardening Linux by
James Turnbull. The patch that most interested me was to prevent
executable code from running in the stack. That won’t prevent all
buffer overflow attacks, but it can stop some of them. I really
don’t understand why this isn’t just the default nowadays–I know
it can break some programs and debuggers, but it seems smart to
me.“I installed this on a RedHat ES system. That system was running
a 2.4.21 kernel, and had never installed kernel source, so the
first step was to go get a newer kernel…”