From 04791f4a4d1cac8bcd9f3ace9219efc742b9f5ef Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Sat, 11 Jan 2025 12:31:08 +0000
Subject: [PATCH] bintools-wrapper: enable stackclashprotection by default

---
 pkgs/build-support/bintools-wrapper/default.nix | 1 +
 pkgs/top-level/stage.nix                        | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/build-support/bintools-wrapper/default.nix b/pkgs/build-support/bintools-wrapper/default.nix
index 878439cb31a6..fdf3fcfb284d 100644
--- a/pkgs/build-support/bintools-wrapper/default.nix
+++ b/pkgs/build-support/bintools-wrapper/default.nix
@@ -43,6 +43,7 @@
     "fortify3"
     "pic"
     "relro"
+    "stackclashprotection"
     "stackprotector"
     "strictoverflow"
     "zerocallusedregs"
diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix
index 1cedd8dd1845..b9f671629c39 100644
--- a/pkgs/top-level/stage.nix
+++ b/pkgs/top-level/stage.nix
@@ -329,7 +329,6 @@ let
             super'.stdenv.cc.defaultHardeningFlags ++ [
               "shadowstack"
               "pacret"
-              "stackclashprotection"
               "trivialautovarinit"
             ]
           ) super'.stdenv;