El sáb, 07-09-2013 a las 14:37 -0400, Rich Freeman escribió: > On Sat, Sep 7, 2013 at 2:10 PM, Martin Vaeth > <va...@mathematik.uni-wuerzburg.de> wrote: > > Ryan Hill <dirtye...@gentoo.org> wrote: > >> > >> * -fstack-protector{-all} > >> No thank you. -fstack-protector has very limited coverage > > > > I'd say it covers most cases where bugs can be made, > > practically without a severe impact on execution time or code size. > > In contrast, -fstack-protector-all should be left to hardened, since > > its impact is unacceptable to e.g. multimedia systems - the > > protection is probably over-the-top for normal users. > > I'd vote for enabling -fstack-protector by default: > > I am using it since many years (though I do not use hardened profile, > > since -fstack-protector-all had too much a performance impact for me). > > > >> -fstack-protector-strong > > > > One can later still change to this when >=gcc-4.9 is available in stable. > > ++, ++ > > No doubt stack-protector-strong is better than stack-protector, but > stack-protector is still better than nothing, and nothing is the > current default. > > Improvements don't need to be perfect - they just need to be improvements. > > Rich >
Is there any kind of information about performance penalty of -fstack-protector? I have googled some time and there are various estimations (from ~2 to ~8%), but I have no idea what have they checked exactly. Also, multiple comments here refer to "not severe impact" that looks to me like it will have impact but "not too much" :/. For some recent computers I would probably use it, but for older ones, I am not sure if will be happy with that additional impact :| Thanks for the info