What is the use of -fno-stack-protector?
I have written an application in C, and I'm trying to understand what is the purpose of the -fno-stack-protector command when compiling. For my specific application, it makes no difference if I use this command or not in terms of protecting against buffer overflow.
I've read online that the -fstack-protector and -fno-stack-protector commands enable and disable respectively the stack-smashing protector, but if I'm compiling the application myself, how can the protector be enabled beforehand? Does the usage of the command maybe depend on what system the application is running on?
Answer
In the standard/stock GCC, stack protector is off by default. However, some Linux distributions have patched GCC to turn it on by default. In my opinion, this is rather harmful, as it breaks the ability to compile anything that's not linked against the standard userspace libraries unless the Makefile specifically disables stack protector. It would even break the Linux kernel build except that the distributions with this hack added additional hacks to GCC to detect that the kernel is being built and disable it.