enable -fstack-protector-strong by default in user land
It is long past time for
-fstack-protector-strong to be enabled by default in user land in the build. This goes through and enables this across the entire user land stack with a few exceptions to deal with bootstrapping and other minor challenges. In particular, if this had been enabled, it would have at least caught #13242 (I explicitly tested that).
- rtld (and as a side effect libc and libconv) due to bootstrapping issues around enabling the guard
- kmdb as it needs its own implementation of the stack protector and can't really use the kernel's
- The kmdb standalone versions of libdis, libctf, and libumem which are only used for kmdb.
- DTrace's drti.o which would require other objects to need ssp_ns that wouldn't in and of itself know to
The above can all be dealt with other work over time, the highest value would be enabling libc; however, that's no reason to stop getting basically all of the rest of userland enabled.
As part of doing this work, I discovered a lot of bugs in the build system which will be linked as blockers on this ticket.