I've just came accross a Fedora 28 memo about hardening their flags: https://fedoraproject.org/wiki/Changes/HardeningFlags28 1. -fstack-clash-protection 2. -fcf-protection=full 3. -mcet 4. for C++: -D_GLIBCXX_ASSERTIONS
According to the builtin specs these are not in current use for sys-devel/gcc-7.2. It may worth to consider moving the same direction as Fedora. Wouldn't it be a shame if a regular non-rolling distro would make use of harder flags compared to Gentoo Hardened? BR: Dw. -- dr Tóth Attila, Radiológus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057