"Strong" stack protection for GCC

Posted Feb 7, 2014 4:28 UTC (Fri) by jimparis (guest, #38647)
In reply to: "Strong" stack protection for GCC by jtc
Parent article: "Strong" stack protection for GCC

> Does the word 'generally' imply that there are some cases where this is not true (i.e., canary value does not have to be changed)? I suspect not. And if the answer is no..

The answer is definitely yes. The canary, which is checked before return, protects against the case that the return address was overwritten. But a buffer overflow may overwrite other things too that would be just as exploitable. For example, a local variable containing a function pointer that gets called before the function returns. Or even just an integer that is later used to index an array, which (after overflow) could be changed to point anywhere.
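
The point made in the comment above, as an added example that is not part of the original comment: a constructed model of a stack frame in which an unchecked copy changes an index local while the canary check still passes, next to a length-checked copy. The struct layout, the canary value and all names are assumptions made for illustration; a real compiler chooses its own frame layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a frame: a local sits between buffer and canary. */
struct frame {
    char     buf[16];   /* input is copied here */
    uint32_t index;     /* local later used to index an array */
    uint64_t canary;    /* compared against CANARY before "return" */
};

#define CANARY 0x00c0ffee5afe7e57ULL   /* constructed sample value */
enum { RES_OK = 0, RES_CANARY_TRIPPED = 1, RES_INDEX_CORRUPTED = 2, RES_REJECTED = 4 };

static int inspect(const struct frame *f)
{
    return (f->canary != CANARY ? RES_CANARY_TRIPPED : 0) |
           (f->index != 3 ? RES_INDEX_CORRUPTED : 0);
}

/* Unchecked copy: len is never compared with sizeof f.buf. */
int run_unchecked(const unsigned char *in, size_t len)
{
    struct frame f = { .index = 3, .canary = CANARY };
    unsigned char raw[sizeof f];             /* byte image of the frame */
    if (len > sizeof raw) len = sizeof raw;  /* keep the model itself in bounds */
    memcpy(raw, &f, sizeof f);
    memcpy(raw, in, len);                    /* the overflow, inside the model */
    memcpy(&f, raw, sizeof f);
    return inspect(&f);
}

/* Hardened form: oversized input is rejected before any copy happens. */
int run_checked(const unsigned char *in, size_t len)
{
    struct frame f = { .index = 3, .canary = CANARY };
    if (len > sizeof f.buf) return RES_REJECTED;
    memcpy(f.buf, in, len);
    return inspect(&f);
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);
    printf("up to canary: %d, whole frame: %d, checked: %d\n",
           run_unchecked(in, offsetof(struct frame, canary)),
           run_unchecked(in, sizeof in), run_checked(in, sizeof in));
    return 0;
}
```

A result of `RES_INDEX_CORRUPTED` alone is the case the comment describes: the canary comparison succeeds, yet a local that is used before return has already changed.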

