Hi,
Control Flow Integrity is a new set of exploit mitigations (strictly
speaking, there is not "the CFI", but many variants). LLVM/clang has
support for some form of CFI since a while. The rough idea is that it
adds additional checks to the code to avoid jumps to code pieces that
shouldn't happen.
I'm wondering if there's interest in creating a gentoo-hardened-cfi
variant. I've been playing with it a bit. By setting the right
cc/cflags/etc. variables it's relatively straightforward to compile
single packages with cfi.
However when one tries to recompile packages a lot of errors show up.
Most of them aren't directly related to CFI (though some are). CFI
depends on:
* clang, which is not our default (there has been work in the past for
gentoo with clang).
* fvisibility=hidden. This was afair discussed a while back, but never
considered to be enabled in general, only for specific packages.
* link time optimization/lto and thus the gold linker, because the
"classic" ld doesn't support lto.
Many issues that pop up seem like issues to build systems and linking.
In some cases though one needs to fix function pointer definitions that
don't match their respective functions. (Here's a fix [1] that I sent
to curl and that'll be applied in the next version.)
For now I'm just investigating whether there's interest in this. I
could create some docs in the wiki on how to get started.
[1]
https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Control Flow Integrity is a new set of exploit mitigations (strictly
speaking, there is not "the CFI", but many variants). LLVM/clang has
support for some form of CFI since a while. The rough idea is that it
adds additional checks to the code to avoid jumps to code pieces that
shouldn't happen.
I'm wondering if there's interest in creating a gentoo-hardened-cfi
variant. I've been playing with it a bit. By setting the right
cc/cflags/etc. variables it's relatively straightforward to compile
single packages with cfi.
However when one tries to recompile packages a lot of errors show up.
Most of them aren't directly related to CFI (though some are). CFI
depends on:
* clang, which is not our default (there has been work in the past for
gentoo with clang).
* fvisibility=hidden. This was afair discussed a while back, but never
considered to be enabled in general, only for specific packages.
* link time optimization/lto and thus the gold linker, because the
"classic" ld doesn't support lto.
Many issues that pop up seem like issues to build systems and linking.
In some cases though one needs to fix function pointer definitions that
don't match their respective functions. (Here's a fix [1] that I sent
to curl and that'll be applied in the next version.)
For now I'm just investigating whether there's interest in this. I
could create some docs in the wiki on how to get started.
[1]
https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42