To truly achieve the guarantee of no execution of arbitrary code, grsecurity must be used. The ACL/RBAC system or TPE can be used to ensure that an attacker can't create a file containing his payload and then mmap that file as executable via a ret-to-libc attack on the process.
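
To see which directories a TPE-style policy would refuse to run or map files from, the added example below (a userspace audit sketch, not grsecurity or PaX code) applies the directory rule grsecurity documents for TPE: the containing directory must be owned by root and writable only by root. The function names and the `trusted_uid` parameter are assumptions made for this illustration.

```python
import os
import stat

# Assumption: the directory rule grsecurity documents for TPE, i.e. a file is
# only trusted if its directory is owned by root and writable by root alone.
# trusted_uid is a hypothetical parameter so the check can be exercised as a
# non-root user; the real feature is enforced in the kernel, not in userspace.

def tpe_would_allow(path, trusted_uid=0):
    """Return (allowed, reason) for executing or exec-mapping `path`."""
    parent = os.path.dirname(os.path.realpath(path))
    st = os.stat(parent)
    if st.st_uid != trusted_uid:
        return False, f"{parent} is owned by uid {st.st_uid}, not {trusted_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, f"{parent} is group- or world-writable"
    return True, f"{parent} is owned by uid {trusted_uid} and writable only by it"


def untrusted_dirs(dirs, trusted_uid=0):
    """List the directories in `dirs` that fail the rule: the places where a
    dropped file stays runnable unless a TPE-style policy is enforced."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue  # missing entries cannot hold a payload
        # Probe with a name that need not exist; only the directory is examined.
        allowed, reason = tpe_would_allow(os.path.join(d, "probe"), trusted_uid)
        if not allowed:
            findings.append((d, reason))
    return findings


if __name__ == "__main__":
    # Audit the search path plus the usual world-writable scratch locations.
    scratch = ["/tmp", "/var/tmp", "/dev/shm"]
    candidates = os.environ.get("PATH", "").split(os.pathsep) + scratch
    for directory, why in untrusted_dirs(candidates):
        print(f"untrusted: {why}")
```
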

Protection against brute-forcing attacks is also part of PaX's strategy. This is handled within grsecurity's ACL/RBAC system by denying execution of the app either for a single user or for everyone (depending on whether the process was a network daemon or not).