Emit extra code to check for buffer overflows, such as stack
smashing attacks. This is done by adding a guard variable to
functions with vulnerable objects. This includes functions that
call alloca, and functions with buffers larger than 8 bytes. The
guards are initialized when a function is entered and then checked
when the function exits. If a guard check fails, an error message
is printed and the program exits.
NOTE: In Ubuntu 6.10 and later versions this option is enabled by
default for C, C++, ObjC, ObjC++, if neither -fno-stack-protector
nor -nostdlib are found.
GCC likes to do a bunch of stuff behind the scenes. It's great for application
programming because all of the runtime support is already there, unfortunately
in OS development you have to make the runtime support yourself. Using that flag
tells GCC to not to do some of that stuff behind the scenes, so you don't have to
write the stuff until much later where you have an idea as to what you need and
how to do it.