R0b0t1 <r03...@gmail.com> wrote:
> > https://wiki.gentoo.org/wiki/Hardened_Gentoo
>
> The hardened profile still sets PaX and a slew of toolchain options.

Yes. But marking binaries for PaX if you don't use a kernel with PaX is pointless. And whether you use the hardened toolchain or a current gcc with USE="ssp pie" does not make a big difference if you have the mentioned LDFLAGS in your make.conf. I think the main difference is that -fstack-protector(-strong?) is used instead of -fstack-protector-all (IMHO the latter is overkill). I am not sure how it is with -fstack-check.