It is well known that the normal stack protection supported from
the early gcc days is very weak. Google engineers have developed
a new ssp-protector-strong option that provides much better
protection without hurting performance.
This has been adopted by most linux distributions
and OpenBSD. Apparently clang in FreeBSD 11 supports it and
we recently brought support for that option in our base gcc
so it seems like a good moment to adopt such option.
This is complementary but unrelated to the GSoC 2015
to bring the FORTIFY_SOURCE functionality to libc.