--- wikisrc/pkgsrc/hardening.mdwn 2016/03/17 13:27:17 1.7 +++ wikisrc/pkgsrc/hardening.mdwn 2016/03/17 13:40:11 1.8 @@ -105,6 +105,18 @@ for part or all of the build. Again, this feature may cause some programs to crash, usually indicating an actual bug in the program. Patching the original program is then required. +### Performance impact + +The compiler emits extra code when using this feature: a check for buffer +overflows is performed when entering and exiting functions, requiring an extra +variable on the stack. The level of protection can otherwise be adjusted to +affect only those functions considered more sensitive by the compiler (with +`-fstack-protector` instead of `-fstack-protector-all`). + +The impact is not expected to be noticeable on modern hardware. However, +programs with a hard requirement to run at the fastest possible speed should +avoid using this feature, or using libraries built with this feature. + # Auditing the system The illusion of security is worse than having no security at all. This section