clang option -fret-clean committed

Contributed by rueda on 2024-06-03 from the well-cleaned-stacks dept.

Theo de Raadt (deraadt@) has committed -fret-clean for clang:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2024/06/02 09:40:43

Modified files:
	gnu/llvm/clang/include/clang/Driver: Options.td 
	gnu/llvm/clang/lib/Driver/ToolChains: Clang.cpp 
	gnu/llvm/llvm/lib/Target/X86: X86.h X86TargetMachine.cpp 
	gnu/usr.bin/clang/libLLVMX86CodeGen: Makefile 
	share/man/man1 : clang-local.1 

Log message:
add -fret-clean option (amd64 and i386 only at first), defaulting to off.
This causes the caller to cleans the return address off the stack after
a callq completes.  The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs.  The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.

See our earlier article for more discussion.

For now, this is only for amd64 and i386.

(Comments are closed)

Latest Articles

Wed, Jul 24
- 05:28 Incoming: UDP parallel input (0)
Sun, Jul 21
- 16:54 Libva's VA-API (Video Acceleration API) imported into xenocara (3)
Sun, Jul 14
- 15:42 Enable local-to-anchors tables in PF rules (0)
Thu, Jul 11
- 16:14 Game of Trees 0.101 released (0)
Sat, Jul 06
- 08:46 A practical guide to VPNs, IPv6, routing domains and IPSEC (5)
Wed, Jul 03
- 13:03 clang -fret-clean on the horizon for OpenBSD/arm64 (0)
Mon, Jul 01
- 10:28 OpenSSH 9.8 released (2)
- 05:54 RIP dhclient(8) (1)
Sun, Jun 30
- 10:09 Initial playlist of 28 BSDCan Videos released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]