1 |
On 09/07/2015 01:10 PM, wabenbau@×××××.com wrote: |
2 |
> Michael Orlitzky <mjo@g.o> wrote: |
3 |
> |
4 |
> I don't think so (but maybe I'm wrong). You have to compile your entire |
5 |
> system with a hardened toolchain to get full hardened support (SSP and |
6 |
> maybe some other things). I think, to go back to a "normal state", you |
7 |
> have to recompile everything again with a non hardened toolchain. |
8 |
> |
9 |
|
10 |
GCC 4.8 already defaults to -fstack-protector, but you do need to |
11 |
recompile to get -fstack-protector-all and you're right that you would |
12 |
need to recompile again to make it go away. The full SSP is considered |
13 |
safe though, and only slows things down a bit. |
14 |
|
15 |
For PaX, the markings may exist on your filesystem, but if you switch to |
16 |
a non-hardened kernel they cease to have any effect. Grsec just goes away. |