Re: Additional hardening options
This is what I usually add as well to the security flags.
With respect to the "default" flags I had some fun with the SDK and -D_FORTIFY_SOURCE=2 and -fstack-protector-strong.
I guess they do have some performance impact as well, but I did not do very thorough research.
Also, I did not confirm it yet but suspect that some of those flags might be the reason for "debuginfod gdb: *** stack smashing detected ***: terminated".