commit f92abb41906b9b6bab253afd040dc56835720c2e from: deraadt date: Fri Jun 28 18:10:48 2024 UTC comments on -fret-clean for amd64 commit - 6109f8dd3d7b2a1fbfe07998a3a3138e14b17cc7 commit + f92abb41906b9b6bab253afd040dc56835720c2e blob - ff4dc84adbd732d83d65b8f28c808d94549c4c17 blob + 32059bb46aab8940e22cc35fa5b6800bcf4a8082 --- innovations.html +++ innovations.html @@ -266,6 +266,11 @@ Innovations also becomes redundant (and is removed a bit later), because immutable memory + pinsyscalls together are cheaper and more effective targetting. Theo de Raadt, Jan 2024. +
  • -fret-clean is a clang extension that, upon return from a function + cleans the return value off the stack (one of many information leaks which + can be used to determine where functions in a different DSO reside). + The kernel, libc, libcrypto, and ld.so(1) are compile with this option. + amd64 only, for now.

    Functions