In the context of x86_64/3.14.34:
I realise checksec is an externally developed and maintained third-party "measurement" tool, but out of an interest to get an official statement from grsec developers, are the following kernel configuration entries still pertinent?
Checksec flags these being disabled as a "defect", and this seems very misleading.
Likewise, there's a persistent mention of KERNHEAP, but that's obsolete or moribund as well?
In the vanilla kernel 3.14.34, I don't see any configuration items that enable those symbols, despite seeing occasional references to them in various kernel sources.
I ask because of threads like this one: viewtopic.php?f=3&t=1630&p=6465&hilit=CONFIG_DEBUG_RODATA
This thread makes the statement that KERNEXEC is a superset (and more security optimal setting) than RODATA. Is this still the case for x86_64 on modern kernels?