1. 8

  2. 4

    This is a few years old, but as the text asks why “-fstack-check” is not enabled by default: There was a discussion around this when Qualys published some research on Stack Clash [1] in 2017.

    Developers from Redhat back then came to the conclusion that “-fstack-check” has some compatibility issues and they redeveloped a better version of that feature that is behind the “-fstack-clash-protection” flag in latest gcc versions. I think some Linux distros enable that by default and if yours is not you may ask for it.

    [1] https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash