1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# DP: Document distro specific compiler flags turned on by default
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
@@ -10967,6 +10967,11 @@ branch target registers within any basic
Optimize the prologue of variadic argument functions with respect to usage of
those arguments.
+NOTE: In Ubuntu 14.10 and later versions,
+@option{-fstack-protector-strong} is enabled by default for C,
+C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
+@option{-nostdlib}, nor @option{-ffreestanding} are found.
+
@item -fsection-anchors
@opindex fsection-anchors
Try to reduce the number of symbolic address calculations by using
@@ -11591,6 +11596,9 @@ value of a shared integer constant.
The minimum size of buffers (i.e.@: arrays) that receive stack smashing
protection when @option{-fstack-protection} is used.
+This default before Ubuntu 10.10 was "8". Currently it is "4", to increase
+the number of functions protected by the stack protector.
+
@item min-size-for-stack-sharing
The minimum size of variables taking part in stack slot sharing when not
optimizing.
@@ -12732,6 +12740,10 @@ which functions and calls should be skip
Currently the x86 GNU/Linux target provides an implementation based
on Intel Control-flow Enforcement Technology (CET).
+NOTE: In Ubuntu 19.10 and later versions, @option{-fcf-protection}
+is enabled by default for C, C++, ObjC, ObjC++, if none of
+@option{-fno-cf-protection} nor @option{-fcf-protection=*} are found.
+
@item -fstack-protector
@opindex fstack-protector
Emit extra code to check for buffer overflows, such as stack smashing
@@ -12814,6 +12826,10 @@ allocations. @option{-fstack-clash-prot
protection for static stack allocations if the target supports
@option{-fstack-check=specific}.
+NOTE: In Ubuntu 19.10 and later versions,
+@option{-fstack-clash-protection} is enabled by default for C,
+C++, ObjC, ObjC++, unless @option{-fno-stack-clash-protection} is found.
+
@item -fstack-limit-register=@var{reg}
@itemx -fstack-limit-symbol=@var{sym}
@itemx -fno-stack-limit
|