[tech] Grsec

[Paul Marinceu]

Hiho,

I'd like to propose that grsec be removed from ucc kernels.
Yes, I know people may be against it, therefore I'll outline my point:
(apologies to Bernard who spent his time making grsec work)

- ucc is not _much_ safer with grsec as there are other ways to get in.
- the main point: people can no longer hack happily on the affected
machines. The grsec kernel is too panicky and kills off any processes
that are using unsafe syscalls. This obviates the usefulness of the ucc,
making our machines as restrictive as cs boxen.

Also, the side effects can be very obscure and hard to pinpoint. Another
thing to add to someone who's developing experimental/pre-release code
that's buggy anyway.

I guess grsec can be configured to be less restrictive...but will this
work. Maybe next week, I'll find something else that breaks. Also,
lowering the security goes against the whole point of having grsec...

So, please post your views so we can come to a solution and get back to
hacking ;)

--
 paul, currently having to do all hacking on his dialup machine at home.