Mailing the story:
Shrinking Linux Attack Surfaces
Often, a kernel developer will try to reduce the size of an attack surface against Linux, even if it can't be closed entirely. It's generally a toss-up whether such a patch makes it into the kernel. Linus Torvalds always prefers security patches thatreally close a hole, rather than just give attackers a slightly harder time of it.