pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Hardening: add -fzero-call-used-regs=used-gpr

Browse Source 
Is defense in depth to make ROP harder. In general this is reported to
have a performance impact of 2% worst-case. Linux kernel reports 1%.
Should be closer to 0% for us, or that 1% if i am wrong.
https://lwn.net/Articles/870045/ has some background on this.
This commit is contained in:
Bram Matthys
2026-02-22 16:31:21 +01:00
parent d668c4b78b
commit 0ab1221a38
2 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configure.ac
+3
View File
@@ -150,6 +150,9 @@ AS_IF([test x"$hardening" != x"no"], [
# Since we have moved from name[1] to name[], setting this should help bounds checking:
check_cc_flag([-fstrict-flex-arrays=3], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstrict-flex-arrays=3"])
# Clear registers on return (performance penalty, but acceptable, makes ROP harder)
check_cc_flag([-fzero-call-used-regs=used-gpr], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fzero-call-used-regs=used-gpr"])
# At the link step, we might want -pie (GCC) or -Wl,-pie (Clang on OS X)
#
# The linker checks also compile code, so we need to include -fPIE as well.