[Bug 3629] Building with Clang-17 fails due to -fzero-call-used-regs

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Nov 21 19:40:04 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3629

--- Comment #10 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to David Bohman from comment #9)
> I cherry-picked 2a19e02 ff220d4 99a2df5 on top of V_9_5_P1, and it
> does build successfully on my system.

Thanks, good to hear!

> Are there security implications associated with not using this flag?

Not immediately.  If there is a security bug in future this flag (and
similar hardening flags) may prevent a given exploit from working, or
make it less likely to work, but the exact effect would depend on the
details of the bug and exploit in question.

This flag makes it harder to write ROP exploits, where an attacker
chains together little fragments of existing code that end in a
"return" (called "gadgets") in a binary.  The attacker finds gadgets
that together do what they want and fakes up a call stack that returns
to each gadget in turn.  The flag zeros (some) registers before
functions return, which may disrupt the intended behaviour.

https://www.jerkeby.se/newsletter/posts/rop-reduction-zero-call-user-regs/
seems like a reasonable explanation.
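A practical follow-on for anyone hitting this build failure is to find out, before configuring, whether a given toolchain actually accepts the flag. The following POSIX shell probe is an added example, not code from OpenSSH's configure or from this bug's comments; it compiles and links a tiny constructed C program with `-fzero-call-used-regs=used` (the `used` choice is one of the values the GCC and Clang option accepts) and reports whether the compiler took it. The function name, the `-Werror` choice, and the hypothetical `CC` default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not OpenSSH project code): probe whether a C compiler
# accepts -fzero-call-used-regs, the hardening flag discussed in this bug.
#
# Usage: check_zero_call_used_regs [compiler] [choice]
#   compiler defaults to $CC, then "cc"; choice defaults to "used".
# Returns 0 if the compiler compiles and links a test program with the flag,
#         1 if the compiler rejects the flag (or the build otherwise fails),
#         2 if no usable compiler was found.
check_zero_call_used_regs() {
    cc="${1:-${CC:-cc}}"
    flag="-fzero-call-used-regs=${2:-used}"

    command -v "$cc" >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d) || return 2

    # Constructed test program: a real call across a function boundary so
    # the epilogue register zeroing has something to act on.
    cat > "$tmp/probe.c" <<'EOF'
int add(int a, int b) { return a + b; }
int main(void) { return add(1, 2) == 3 ? 0 : 1; }
EOF

    # -Werror turns an "unknown/unsupported argument" warning into a hard
    # failure, the usual configure-style way to detect flag support
    # (assumption: -Werror is acceptable for this probe). The binary is
    # only linked, not run, so the probe also works when cross-compiling.
    if "$cc" -Werror "$flag" "$tmp/probe.c" -o "$tmp/probe" >"$tmp/log" 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Stand-alone use: report the result for the default compiler.
if [ "${0##*/}" != "sh" ] && [ -z "${PROBE_NO_MAIN:-}" ]; then
    check_zero_call_used_regs "$@"
    case $? in
        0) echo "supported: -fzero-call-used-regs accepted by ${1:-${CC:-cc}}" ;;
        1) echo "rejected: -fzero-call-used-regs not accepted by ${1:-${CC:-cc}}" ;;
        *) echo "no usable C compiler found" ;;
    esac
fi
```

Run it as `sh probe.sh clang-17` (or any other compiler name) to see which of the three outcomes applies; a 1 result with the compiler named in this bug is the symptom the cherry-picked commits work around, whereas a 0 result means the flag can be left enabled.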
