I keep hearing these kinds of absolutist arguments "it doesn't fix
100% of cases, therefore it's no use", and it's really silly. The
point is not whether it is 100% effective, but whether it provides an
*improvement* in security. This patch apparently costs nothing in
functionality, so it has no side-effects. What's the problem?
This is an imperfect world, and rejecting something because it isn't
perfect doesn't help. It won't *force* applications to be more
careful, which is what some may hope for.
"The point of locks on your house is not to stop burglars, but to make
it harder for them so that they try the next house down the street".
Question: how much kernel bloat is required for the anti-exec-stack