c-compiler-security icon indicating copy to clipboard operation
c-compiler-security copied to clipboard

Published 20 hours ago verified publisher icon airbus-seclab

Control Flow Integrity and Shadow Stack?

Open hiowaguy opened this issue 3 years ago • 1 comments
trafficstars

Currently, for the GCC 12 and Clang 11 TL;DR, I don't see the control flow integrity flag mentioned on the detailed page... is this because it is Intel specific? -fcf-protection=full

In some other references, I see recommendations to enable the following flag for Intel x86 as well: -mshstk

hiowaguy avatar Nov 18 '22 20:11 hiowaguy

Hello, I was not fully sure of the impact and limitations of CFI so I chose not to add it directly on the tl;dr.

-mshstk is confusing:

mshstk
Target Mask(ISA_SHSTK) Var(ix86_isa_flags) Save
Enable shadow stack built-in functions from Control-flow Enforcement
Technology (CET).

trou avatar Nov 19 '22 20:11 trou