propolice for GCC?

[ibotty]

>      Ok.  I've looked at the code output and it does impose some
>      fairly serious overheads, so I am going to default the compiler
>      to off instead of on.  We can then add -fstack-protector to
>      sys.mk, /etc/make.conf, or wherever else we need to add it.

should we build sendmail, bind and everything else which servers to the
outside build with -fstack-protector by default.

i guess, this way we would catch most bugs, yet do not slow down /bin/sh
that much (hehe, at least we dont have dynamic /bin/sh >;]

~ibotty