Are you kidding me?! At the very least suggest Grsec, SELinux, containers! Who gives a shit about "certain classes" of privilege escalation? Are you securing your webserver against 5th graders or actual hackers?
If you want to minimize your attack surface, what he suggested is quite possibly the least effective possible thing anyone could do. I point out just a few of the more important issues to consider first, and you tell ME I don't know about security? I don't know what kind of systems you secure, but mine don't rely on 'mount -o ro,remount /' as a defense strategy.
You're missing the bigger point: enumerating every possible defense is beyond the scope of a comment AND does not exclude any technique by omission. If you'd like to raise technologies in a civil manner, please. Just don't start getting defensive and name calling. [1]
If you want to minimize your attack surface, what he suggested is quite possibly the least effective possible thing anyone could do. I point out just a few of the more important issues to consider first, and you tell ME I don't know about security? I don't know what kind of systems you secure, but mine don't rely on 'mount -o ro,remount /' as a defense strategy.