Message327406
| Author |
vstinner |
| Recipients |
Dormouse759, cstratak, ishcherb, pablogsal, serhiy.storchaka, vstinner |
| Date |
2018年10月09日.14:22:58 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1539094978.41.0.545547206417.issue32962@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
More info about -fcf-protection=full -mcet:
"Enable control flow protection on x86-64 using -fcf-protection=full -mcet."
https://fedoraproject.org/wiki/Changes/HardeningFlags28
man gcc:
-fcf-protection=[full|branch|return|none]
Enable code instrumentation of control-flow transfers to increase
program security by checking that target addresses of control-flow
transfer instructions (such as indirect function call, function
return, indirect jump) are valid. This prevents diverting the flow
of control to an unexpected target. This is intended to protect
against such threats as Return-oriented Programming (ROP), and
similarly call/jmp-oriented programming (COP/JOP).
The value "branch" tells the compiler to implement checking of
validity of control-flow transfer at the point of indirect branch
instructions, i.e. call/jmp instructions. The value "return"
implements checking of validity at the point of returning from a
function. The value "full" is an alias for specifying both
"branch" and "return". The value "none" turns off instrumentation.
The macro "__CET__" is defined when -fcf-protection is used. The
first bit of "__CET__" is set to 1 for the value "branch" and the
second bit of "__CET__" is set to 1 for the "return".
You can also use the "nocf_check" attribute to identify which
functions and calls should be skipped from instrumentation.
Currently the x86 GNU/Linux target provides an implementation based
on Intel Control-flow Enforcement Technology (CET). |
|