Originally Posted by Dragoran
SELinux does the same: programs are not allowed to execute code unless explicitly granted.
The nvidia-installer labels the files "textrel_shlib_t", which lets SELinux allow it to do what it does.
PaX and grsecurity do much more than not allowing programs to execute code. SELinux is a type of access control list system. PaX and grsecurity are different but could be used with it.
Currently PaX is not letting the nvidia driver libGL execute code it wrote to data memory. Can you imagine what a hacker/cracker would do if he could put code in a memory location that has been marked as data and then execute it? They could get control of the whole system and you wouldn't even know it.
Nvidia's way of doing this driver, at least the way things are done now with Xorg and everything, is a BIG security risk and everyone is at risk. What if there are security holes in the Nvidia driver? A hacker/cracker could exploit that and get root access and you can kiss your system goodbye.
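An added example, not part of the original posts: a small audit script that lists memory mappings which are both writable and executable, the condition the reply above says PaX refuses. It parses the Linux `/proc/<pid>/maps` format; the sample lines, including the paths and addresses in them, are constructed for illustration and not captured from a real process.

```python
"""Added example: list memory mappings that are both writable and executable.

Input format is /proc/<pid>/maps on Linux. SAMPLE_MAPS is constructed
for illustration, not captured from a real process.
"""
import sys

SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/glxdemo
0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/glxdemo
01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]
7f2a10000000-7f2a10200000 rwxp 00000000 08:01 977 /usr/lib/libGL.so.1
7f2a11000000-7f2a11001000 rwxp 00000000 00:00 0
7ffd5e1c1000-7ffd5e1e2000 rw-p 00000000 00:00 0 [stack]
"""


def parse_maps(text):
    """Yield (start, end, perms, name) for each well-formed maps line."""
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or "-" not in fields[0]:
            continue  # skip blank or malformed lines
        start, end = (int(x, 16) for x in fields[0].split("-", 1))
        # Mappings with no backing file have no sixth field.
        name = fields[5].strip() if len(fields) == 6 else "[anonymous]"
        yield start, end, fields[1], name


def writable_executable(text):
    """Return mappings whose permissions include both 'w' and 'x'."""
    return [m for m in parse_maps(text) if "w" in m[2] and "x" in m[2]]


if __name__ == "__main__":
    # With a PID argument, read that process's maps; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(f"/proc/{sys.argv[1]}/maps") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MAPS
    for start, end, perms, name in writable_executable(text):
        print(f"{start:#x}-{end:#x} {perms} {(end - start) // 1024} KiB {name}")
```

Run it with a PID as the only argument to inspect a live process; reading another user's process requires matching privileges.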