if I read between the lines of this @grsecurity post… PaX doesn’t have userland stack proving and thus isn’t immune, despite claim @ start?

what probing do you mean? the kernel doesn't do anything like that, it enforces a heap-stack gap instead (in PaX since 2010AD).

how large a gap?

it's in the advisory, did you read it? ;)

i see, 64kb. i suppose it’s the best you can do from the kernel, but the problem is thinking that the problem should be solved in the kernel

and then claiming it is solved when it’s not :)

of course you're welcome to prove us wrong but if beating RAP's taking this long, i'm not holding my breath here either ;).

to be clear, you are claiming that there are zero stack jumping vulnerabilities in common programs that can be exploited with PaX?