Stack Smash Protection sounds like a cool feature to me. I don't know what the performance impact is, but as a developer even if it is to slow to use by default I would love to have it intergrated into the gcc shipped by Fedora to make debugging easier.
well.. gcc in fc4 (well rawhide right now) has something that has a quite similar effect, with basically zero performance impact. Try it ;)
PAX uses tricks to get a non executable stack, and assignes random addresses to PIE executables, which Fedora already has in the form of Exec Shield, good! But if I undertand it correctly PAX does more for example also make data pages non executable, this might be something worth looking into.
Exec-Shield makes datapages also non-executable. There is very little practical difference between PAX and Exec-Shield protection wise. There are theoretical differences, mostly comming from a different viewpoint (Exec-Shield is about being as secure as possible without breaking things, while PaX does make the deliberate choice to break things. The difference is small, the things that "break" are rare. very rare.) The reason Exec-Shield does this is because the worst thing that can happen is to be too secure, so secure that all sysadmins just turn it off entirely.