Newer Windows and now iPhone's version of macOS X have some heap/mmap/stack/base adresse randomisation built-in... (Yes, this is technical!)
I think it would be very important to the platform's future to integrate such features as they don't cost much in terms of cpu cycles but saves a lot of headaches if a worm was to be written for it...
And as we all know, every platform has holes!
A project like GrSecurity should be ported to the base kernel in time for Harmattan.
Hopefully GrSec is not too x86 specific (even though i see other platforms supported now but not arm. I'm sure a port wouldn't be too time expensive). It would put the platform above other's in term of security readiness.
Other security measures are of course to be considered but this would really put a basic trust level on the system by stopping most stack based remote attacks.
(Granted this is mostly not a server and won't get exploited through some php coding errors like it's most often the case these days).
If you think exploits only work on the server side, think again!
People are hacking servers to modify them so they can then trigger exploits in the clients visiting the server!
Implementing this solution would result in your application crashing if someone tried to exploit it, but that's all, your n900 would not be owned by some remote mob...
This is very important as this platform contains everything that is personal. It's even more so as a lot of N900 will be linked together through different social networks and the like in the future, making this "device web" easy to browse for a worm and it's now linked to the global cellular network...
We're really at a cross of computers and cellulars now and we don't want to be the first to show how this can get abused... :-)
