Address space randomization

Added to 2.6.12
Previously shipped in RH kernels

What it does
Give each process a random stack address
Randomize the mmap area too

Why bother?
Foil buffer overflow attacks

How secure is it?
Can be overcome by a local attacker
Effective against remote script kiddies