Wikipedia has a pretty good explanation of what grsecurity and PaX do, but in a nutshell, here's what this set of patches buys you:

  • non-executable stack
  • address-space randomization
  • role-based access control
  • chroot hardening
  • enhanced auditing

If you're looking for a quick way of downloading the latest stable Linux kernel with the grsecurity patch already applied, clone this git repository (which can be browsed here):


I also maintain an RSS feed (well, an Atom feed actually) keeping track of the latest grsecurity and PaX test patches:

Finally, make sure you run paxtest to make sure that the protections offered by grsecurity and PaX are properly enabled.