I've had a "partially-hardened" workstation for awhile now.  I use 
hardened-sources and enable many of the PaX/grsecurity options including 
stack smashing protection.  This works great as I can disable SEGMEXEC, 
PAGEEXEC and mprotect for Quake3 (ioquake3) and get it to run.  My question 
is if I take my workstation to a full hardened system with SSP+PIE toolchain, 
etc. will I still be able to run Quake3 and other programs like it?  If I 
went to a full Hardened Gentoo system, even if I disabled PaX's SEGMEXEC, 
PAGEXEC and mprotect, which is sufficient to run Quake3 now, the toolchains' 
own SSP would then kick in and stop me, right?

I'm normally a test and do-it-myself kind of person, but I really don't want 
to have to recompile the system to find out and then recompile again if gcc's 
SSP/ProPolice does stop me.

Side note: I masked gcc-4* and >=glibc-2.4 when they were stabled in x86. I 
still run gcc-3.4.6-r2 and glibc-2.3.6-r5 so switching to the hardened 
profile will not present any of those types of problems for me.

Thank you for your help.
-- 
[email protected] mailing list

Reply via email to