Enable gcc's -fstack-protector-all by default?

Darren Tucker dtucker at zip.com.au
Wed Nov 28 08:13:36 EST 2007

Rick Jones wrote:
> Darren Tucker wrote:
>> Rick Jones wrote:
>> [...]
>>> Just general conservativeness would seem to suggest that until a 
>>> broader number of platforms can be covered, it might not be time to 
>>> become the default.
>> I should have said "enabled by default if the compiler supports it".  
>> If the compiler doesn't, configure continues to behave as before.
> I inferred that.  I'm just thinking that if there isn't certainty of it 
> being sufficiently neutral on a broad swath of platforms, even if the 
> compiler supports it it might be best to leave things be for the moment.

Is there any evidence or documentation indicating that it actually 
causes breakage anywhere?  If not I would tend to enable for the 
compilers that support it.

I have built my AIX packages with the flag for the last couple of years 
without problems, so it's certainly not i386-only.

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list