Hacker News

"Grsecurity will rather terminate userland programs or, in some rare cases, panic the kernel if it finds itself in an undefined state. This is exactly what you want if you care about security, but it's not a trade-off everyone is happy with (including Linus)."

If you really cared about security, you'd leave the box unplugged.

"I remember many bugs that were uncovered by PAX_REFCOUNT and yes, occasionally panicked the kernel where a vanilla kernel would run just fine. They usually found and fixed those within hours."

Speaking as someone who has done middling large scale production administration, that's not reassuring.


