http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58245
--- Comment #3 from Rich Felker <bugdal at aerifal dot cx> --- We already do that; the patch is in the musl-cross repo here: https://bitbucket.org/GregorR/musl-cross or https://github.com/GregorR/musl-cross However, we want the stack-protector behavior for GCC with musl to be the same as with glibc, using the TLS canary and __stack_chk_fail function in libc rather than a separate libssp. In all real-world, nontrivial code, everything works fine. The only failure of empty programs like the above which just call exit, which, when combined with -fstack-protector-all, cause failure. In any case, the failure of configure scripts with musl is just one symptom of the problem: useless loads of the canary without a corresponding check of the canary. From a security standpoint, I feel like checking the canary before calling a function that won't return would be the best possible behavior, so that every function gets a check. However, if doing this isn't deemed worthwhile, I think the canary load, which is dead code without a subsequent check, should be optimized out.
