I've had a "partially-hardened" workstation for awhile now. I use hardened-sources and enable many of the PaX/grsecurity options including stack smashing protection. This works great as I can disable SEGMEXEC, PAGEEXEC and mprotect for Quake3 (ioquake3) and get it to run. My question is if I take my workstation to a full hardened system with SSP+PIE toolchain, etc. will I still be able to run Quake3 and other programs like it? If I went to a full Hardened Gentoo system, even if I disabled PaX's SEGMEXEC, PAGEXEC and mprotect, which is sufficient to run Quake3 now, the toolchains' own SSP would then kick in and stop me, right?
I'm normally a test and do-it-myself kind of person, but I really don't want to have to recompile the system to find out and then recompile again if gcc's SSP/ProPolice does stop me. Side note: I masked gcc-4* and >=glibc-2.4 when they were stabled in x86. I still run gcc-3.4.6-r2 and glibc-2.3.6-r5 so switching to the hardened profile will not present any of those types of problems for me. Thank you for your help. -- [email protected] mailing list
