On 09/07/2015 01:10 PM, waben...@gmail.com wrote: > Michael Orlitzky <m...@gentoo.org> wrote: > > I don't think so (but maybe I'm wrong). You have to compile your entire > system with a hardened toolchain to get full hardened support (SSP and > maybe some other things). I think, to go back to a "normal state", you > have to recompile everything again with a non hardened toolchain. >
GCC 4.8 already defaults to -fstack-protector, but you do need to recompile to get -fstack-protector-all and you're right that you would need to recompile again to make it go away. The full SSP is considered safe though, and only slows things down a bit. For PaX, the markings may exist on your filesystem, but if you switch to a non-hardened kernel they cease to have any effect. Grsec just goes away.
