One of the things that Microsoft did right (and is about to discontinue soon) is their EMET. This mitigation utility can be best described as an "exploit watcher". You add vulnerable programs to its watchlist, and if it detects an exploit (such as a buffer overflow), it will kill the affected process.
This thread is about this: does an equivalent program exist for Linux? (And preferably one that doesn't require the kernel to be recompiled?)
A quick search brought up the old thread below, where grsecurity PaX is recommended; however, PaX is a kernel patch and not a standalone utility, and I'm shy of patching the kernel. Besides, I read that Torvalds himself thinks the grsecurity patches are "garbage".
Thread from 2014:
https://www.linuxquestions.org/quest...ve-4175505954/