# fstack-protector-strong anyone using it ? adding to Gentoo ?

## kernelOfTruth

Hi,

since I stumbled over -fstack-protector-strong a few days ago at lkml

and just read some more on it (http://www.simonroses.com/2013/04/appsec-improve-your-software-security-with-gcc-stack-protector-strong/)

anyone has added it to your gcc / toolchain ?

if one of the toolchain-/security-related devs (zorry, ...) are reading this:

any plans to add this in the near future to the hardened or even default toolchain ?

Thanks for reading   :Smile: 

----------

## mv

There was already a discussion on dev-ml when it was decided that -fstack-protector is added: Plans of gcc upstream are to include -fstack-protector-strong into gcc-4.9. Since the corresponding -fnostack-protector-strong makes no sense before gcc-4.9, I doubt that gentoo will discuss about putting it into default before gcc-4.9 is stabilized (in gentoo!). Since hardened includes even -fstack-protector-all by default, I doubt that they will relax this policy.

----------

## kernelOfTruth

oh, good to know

thanks mv   :Smile: 

perhaps fstack-protector-strong could be used as an replacement for fstack-protector-all when things fail to compile or work at runtime

or for those who want more protection but don't like the slowdown & overhead of fstack-protector-all

----------

## zorry

fstack-protector-strong will most be enable by default on gcc 4.9 in gentoo and hardened will have -all as default.

----------

## kernelOfTruth

 *zorry wrote:*   

> fstack-protector-strong will most be enable by default on gcc 4.9 in gentoo and hardened will have -all as default.

 

great !

thanks for the confirmation, zorry   :Smile: 

----------

