[$] Hardening the kernel against heap-spraying attacks

While a programming error in the kernel may be subject to directexploitation, usually a more roundabout approach is required to takeadvantage of a security bug. One popular approach for those wishing totake advantage of vulnerabilities is heap spraying, andit has often been employed to compromise the kernel. In the future,though, heap-spraying attacks may be a bit harder to pull off, thanks to the"dedicated bucket allocator" proposed by Kees Cook.