| 1 |
On 09/07/2015 01:10 PM, wabenbau@×××××.com wrote: |
| 2 |
> Michael Orlitzky <mjo@g.o> wrote: |
| 3 |
> |
| 4 |
> I don't think so (but maybe I'm wrong). You have to compile your entire |
| 5 |
> system with a hardened toolchain to get full hardened support (SSP and |
| 6 |
> maybe some other things). I think, to go back to a "normal state", you |
| 7 |
> have to recompile everything again with a non hardened toolchain. |
| 8 |
> |
| 9 |
|
| 10 |
GCC 4.8 already defaults to -fstack-protector, but you do need to |
| 11 |
recompile to get -fstack-protector-all and you're right that you would |
| 12 |
need to recompile again to make it go away. The full SSP is considered |
| 13 |
safe though, and only slows things down a bit. |
| 14 |
|
| 15 |
For PaX, the markings may exist on your filesystem, but if you switch to |
| 16 |
a non-hardened kernel they cease to have any effect. Grsec just goes away. |
Archives