Does Gentoo Hardened use -fstack-protector-strong? I'm trying to build a fairly hardened Gentoo install and I'd like to at least make sure that everything is built with `-fstack-protector-strong` if not `-fstack-prote...--prophetes.ai

Does Gentoo Hardened use -fstack-protector-strong? I'm trying to build a fairly hardened Gentoo install and I'd like to at least make sure that everything is built with `-fstack-protector-strong` if not `-fstack-protector-all`. I'm on the `hardened/linux/amd64/selinux` profile, and here's my make.conf: CFLAGS="-march=native -O2 -pipe" CXXFLAGS="${CFLAGS}" CHOST="x86_64-pc-linux-gnu" USE="bindist mmx sse sse2 systemd -consolekit" PORTDIR="/usr/portage" DISTDIR="${PORTDIR}/distfiles" PKGDIR="${PORTDIR}/packages" ACCEPT_KEYWORDS="~amd64" Does Hardened automatically set `-fstack-protector-strong`, or do I need to pass that to `CFLAGS`?

Yes, Gentoo Hardened uses `fstack-protector-all` by default, so you do not need to pass `CFLAGS` yourself to enable stack smashing protection. The default `CFLAGS` for the Hardened profile include:

CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,now -Wl,-z,relro"

See this section from the Gentoo Hardened FAQ for more info.