This is really great news, although a lot of this goes over my head at this low level. I like OpenBSD for its simplicity, great man pages, etc., and some of its philosophies, including those around security, but I know little on the technical details of its mitigations.
I gather retguard is a mitigation against return-oriented programming attacks, which is about manipulating return addresses so functions return to malicious code instead of the code that called them, to subvert protections like W^X and code signing. This is from a quick search. (For some reason, earlier in the thread, I was referring to W^X in the context of different partitions, is that (or something similar) a thing there too or was I misremembering or imagining things?) That said, if you can explain how to mark a function with no-retguard-please, I'm happy to do that. Googling “openbsd "no-retguard-please"” gives no results. Also, I reckon we're probably nearing the time to actually create a ticket on the GHC issue tracker. What do you reckon? Cheers, Habib
