In Fedora22, GCC not enabled the -fstack-protector by default, why?

Josh Stone jistone at redhat.com
Tue Jun 30 00:47:03 UTC 2015


On 06/29/2015 07:47 AM, 乱雪 wrote:
> Such as:
> 
> // x.c
> #include <stdio.h>
> 
> int main(void) {
>   char x[] = "abc";
>   printf("%s\n", x);
>   return 0;
> }
> 
> and using GCC to compile it:
> 
> ➜  gcc x.c -v
> 
> ......
>  /usr/libexec/gcc/x86_64-redhat-linux/5.1.1/cc1 -quiet -v x.c -quiet
> -dumpbase x.c -mtune=generic -march=x86-64 -auxbase x -version -o
> /tmp/ccqowh4f.s
> ......
> 
> As you see, GCC has not enabled -fstack-protector by default. And in
> Ubuntu:
> 
> ➜  gcc x.c -v
> 
>  /usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -v -imultilib .
> -imultiarch x86_64-linux-gnu x.c -quiet -dumpbase x.c -mtune=generic
> -march=x86-64 -auxbase x -version *-fstack-protector *-o /tmp/cc0aswkw.s
> 
> it enabled -fstack-protector by default.
> 
> Why?

AFAIK, the only way Fedora gcc has changed the upstream default options
is for the default type of debuginfo:

gcc.spec:993:
# Default to -gdwarf-4 -fno-debug-types-section rather than -gdwarf-2

I'd guess that -fstack-protector makes too much difference to code
generation to risk changing its default.  It is part of optflags for all
distro packages though.

$ rpmbuild --showrc | grep stack-protector
-14: __global_cflags    -O2 -g -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags}
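
Added example, not part of the original message: a small shell check that reads an option list (the cc1 line from `gcc x.c -v`, or the rpm `__global_cflags`) and reports which stack-protector mode it selects, using the three outputs quoted in this thread as sample input. The function names are hypothetical; it assumes GCC's usual behaviour that the last `-fstack-protector*` / `-fno-stack-protector` option on the line wins and that `ssp-buffer-size` defaults to 8.

```shell
#!/bin/sh
# Sample option lists copied from the outputs quoted in this thread, joined
# onto one line (the emphasis asterisks in the Ubuntu line are dropped).
FEDORA_CC1='/usr/libexec/gcc/x86_64-redhat-linux/5.1.1/cc1 -quiet -v x.c -quiet -dumpbase x.c -mtune=generic -march=x86-64 -auxbase x -version -o /tmp/ccqowh4f.s'
UBUNTU_CC1='/usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -v -imultilib . -imultiarch x86_64-linux-gnu x.c -quiet -dumpbase x.c -mtune=generic -march=x86-64 -auxbase x -version -fstack-protector -o /tmp/cc0aswkw.s'
RPM_CFLAGS='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags}'

# Print the stack-protector mode an option list selects. Every variant sets
# the same compiler setting, so the last one seen wins (assumption stated above).
ssp_mode() (
    set -f              # no globbing while the line is split into words
    mode=unset          # no flag present: the compiler's built-in default applies
    for word in $1; do
        case $word in
            -fno-stack-protector)       mode=off ;;
            -fstack-protector)          mode=basic ;;
            -fstack-protector-strong)   mode=strong ;;
            -fstack-protector-all)      mode=all ;;
            -fstack-protector-explicit) mode=explicit ;;
        esac
    done
    printf '%s\n' "$mode"
)

# Print the effective ssp-buffer-size; accepts "--param=name=N" and "--param name=N".
ssp_buffer_size() (
    set -f
    size=8              # GCC's documented default when the parameter is not given
    prev=
    for word in $1; do
        case $word in
            --param=ssp-buffer-size=*) size=${word##*=} ;;
            ssp-buffer-size=*) if [ "$prev" = --param ]; then size=${word#*=}; fi ;;
        esac
        prev=$word
    done
    printf '%s\n' "$size"
)

# Report on the three sample lines.
for name in FEDORA_CC1 UBUNTU_CC1 RPM_CFLAGS; do
    eval "line=\$$name"
    printf '%-11s mode=%-6s ssp-buffer-size=%s\n' "$name" "$(ssp_mode "$line")" "$(ssp_buffer_size "$line")"
done
```

A result of `unset` for a plain `gcc` invocation alongside `strong` for the rpm flags is the situation described above: the compiler default is untouched, while distro package builds get the protector through optflags.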

