+#
+# Modern GCC wants to put DWARF tables (used for debugging and
+# unwinding) in the loaded part of the program where they are
+# unstrippable. These options force them back to debug sections (and
+# cause them not to get generated at all if debugging is off).
+#
+tryflag CFLAGS_AUTO -fno-unwind-tables
+tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables
+
+#
+# The GNU toolchain defaults to assuming unmarked files need an
+# executable stack, potentially exposing vulnerabilities in programs
+# linked with such object files. Fix this.
+#
+tryflag CFLAGS_AUTO -Wa,--noexecstack
+