I don't usually endorse security products, but I will say that when it comes to Linux security, the ONLY .. and I mean ONLY Linux systems that me or anyone I know have not been able to consistently achieve privesc against are grsecurity protected systems.

Few, if any, people can lay claim to a bigger impact on modern exploit mitigation than the PaX and grsecurity teams. Their work has shaped how security works today, and they continue to remain at the forefront. Grsecurity is built and trusted by experts.

Draper strongly recommends grsecurity to all of our Department of Defense (DoD) customers so they have the latest and state-of-the-art in vulnerability prevention and exploit defense.

When building systems that hold sensitive customer data, no other platform is as trusted by professional security engineers, like those at Immunity, than grsecurity. We have 15 years of experience breaking systems, and grsecurity has 15 years of experience protecting them from people like us.

A lot of work has been done in the past 17 years on exploit mitigations - some practical, and some effective. Very few mechanisms were both practical and effective. The grsecurity and PaX team have been behind almost all of them.

The people behind grsecurity/PaX are pioneers in computer security. Your Linux servers are in good hands with them.

During the Bugtraq "golden era" I witnessed first-hand the direct effect of the pioneering research by the grsecurity and PaX team on real world vulnerability exploit feasibility. What was once possible with a simple stack overflow now requires a complex multiple-vulnerability bug chain.

You can thank Grsecurity/PaX for many of the memory safety mitigations the world relies on today. These projects redefined software security.

PaX and grsecurity are world class innovators in software security. They have played a pivotal role in creating multiple exploit mitigation technologies that are now considered industry standard.

grsecurity and PaX have driven the state of the art in effective and realistic exploit mitigations for the past 17+ years. They've defined what are now considered industry standards and are still ahead of what's coming in the future elsewhere.