The general stack protector is known to be weak and has pretty small
coverage. While setting stack-protector-all would give better protection
it would come with a performance cost: for this reason Google's Chrome OS
team developed a new stack-protector-strong variant.
In addition to the protections offered by -fstack-protector, the new option
will guard any function that declares any type or length of local array,
even those in structs or unions. It will also protect functions that use a
local variable's address in a function argument or on the right-hand side
of an assignment.
The option was introduced in GCC-4.9, but support for it has been
back-ported to our base GCC (r286074) and is also available in clang.
The change was tested with dbench and doesn't introduce performance
regressions. An exp-run over the ports tree revealed no failures when
using the stricter stack-protector-all. Thanks to all testers involved.
Reference:
https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/
Tested by: pho, portmgr (antoine)
Discussed with: secteam (delphij)
Differential Revision: https://reviews.freebsd.org/D3463
PR: 203394 (exp-run)
Relnotes: yes
MFC: no (not supported in older clang)
c621a626db