PaX Team on SMEP/SMAP and UDEREF.

https://forums.grsecurity.net/viewtopic.php?f=7&t=3046

One of many times where PaX and Grsecurity are years ahead of the game.

 

I took a look at Grsecurity but found it too overwhelming, especially at the kernel compiling step I'm pretty content with getting my web-facing applications Apparmored.

 

It's not too hard to compile honestly. I did it very early on in my time with Linux. If you follow my guide it should be a simple matter of copy/pasting terminal commands and then hitting 'space' a bunch to enable mitigations (all of which I list and tell which to check).

Apparmor's great but a kernel exploit will bypass it. Now it naturally makes kernel exploits harder to carry out and remote exploits more difficult but if you're looking for the highest level of security it's PaX and Grsec.

Naturally we're average home users. We have a lot less to worry about when it comes to security so with Apparmor you're already way more secure than the average Windows user.

 

I'll take a look at your guide when I work up the enthusiasm to have a go at Grsecurity. Messing things up isn't a concern, at least, because I have a recent image to fall back on if needed.

 

You can always boot into antoher kernel through GRUB.

 

Yep. They invented ASLR and get no credit for it. Most people think it is a Microsoft invention, even though PaX was running on Linux about 5 years before MS (and now Apple) copied the technology.