On Wed, Jan 14, 2015 at 5:52 PM, Theo de Raadt <dera...@cvs.openbsd.org> wrote:
> And what breaks? > > Did you do an assessment? > > Hypothetically, if we do this and it improves security but breaks > mplayer or firefox and people are forced to run some other system > instead, is it then a security improvement? Indeed. On a Linux machine of mine, I've tried booting a grsecurity patched kernel (v3.18.2). First, enabling Grsecurity/PaX options automatically disables HIBERNATE support, thus hibernation is no more possible. Second, I've tried booting with it and the KDE desktop blew up with a lot of segfaults :( I have no polemic intentions, I just wanted to report some facts... Ciao! David