Am 2025-01-25 20:21, schrieb Jessica Clarke:
It looks like with Clang we end up using -Qunused-arguments so the warning/error is suppressed. That at least means the build doesn’t fail, which I suppose is good, but I’m not sure we should be promising that WITH_SSP will protect against stack clash then having the compiler silently emit unprotected code (for which we’re to blame, by telling it to ignore the fact it’s not supported). This at least needs to be documented that the protection will only be provided if supported by the compiler.
Like this? diff --git share/man/man7/mitigations.7 share/man/man7/mitigations.7 index 4db6589cdcf1..82a8e3a2c1c2 100644 --- share/man/man7/mitigations.7 +++ share/man/man7/mitigations.7 @@ -28,7 +28,7 @@.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 26, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME@@ -245,7 +245,7 @@ and it is possible that some applications may not function correctly.
supports stack overflow protection using the Stack Smashing Protector .Pq SSP compiler feature, -and stack clash protection.+and stack clash protection (if supported by the compiler for the given architecture). In userland, SSP adds a per-process randomized canary at the end of every stack
frame which is checked for corruption upon return from the function, and stack probing in Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
signature.asc
Description: OpenPGP digital signature
