Enable gcc's -fstack-protector-all by default?
Darren Tucker
dtucker at zip.com.au
Wed Nov 28 08:13:36 EST 2007
Rick Jones wrote:
> Darren Tucker wrote:
>> Rick Jones wrote:
>> [...]
>>
>>> Just general conservativeness would seem to suggest that until a
>>> broader number of platforms can be covered, it might not be time to
>>> become the default.
>>
>>
>> I should have said "enabled by default if the compiler supports it".
>> If the compiler doesn't, configure continues to behave as before.
>
> I inferred that. I'm just thinking that if there isn't certainty of it
> being sufficiently neutral on a broad swath of platforms, even if the
> compiler supports it it might be best to leave things be for the moment.
Is there any evidence or documentation indicating that it actually
causes breakage anywhere? If not I would tend to enable for the
compilers that support it.
I have built my AIX packages with the flag for the last couple of years
without problems, so it's certainly not i386-only.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list