On Sat, Sep 7, 2013 at 2:10 PM, Martin Vaeth <[email protected]> wrote:
> Ryan Hill <[email protected]> wrote:
>>
>> * -fstack-protector{-all}
>> No thank you. -fstack-protector has very limited coverage
>
> I'd say it covers most cases where bugs can be made,
> practically without a severe impact on execution time or code size.
> In contrast, -fstack-protector-all should be left to hardened, since
> its impact is unacceptable to e.g. multimedia systems - the
> protection is probably over-the-top for normal users.
> I'd vote for enabling -fstack-protector by default:
> I have been using it for many years (though I do not use hardened profile,
> since -fstack-protector-all had too much of a performance impact for me).
>
>> -fstack-protector-strong
>
> One can later still change to this when >=gcc-4.9 is available in stable.

++, ++

No doubt stack-protector-strong is better than stack-protector, but
stack-protector is still better than nothing, and nothing is the
current default. Improvements don't need to be perfect - they just
need to be improvements.

Rich
