Arm Pointer Authentication (PAC) is a method of hardening code from Return Oriented Programming (ROP) attacks. It uses a tag in a pointer to sign and verify pointers. Branch Target Identification (BTI) is another code hardening method, where the branch/jump target is identified with a special landing pad instruction. Outside of some system support in glibc+kernel, packages gain the additional hardening by compiling with the -mbranch-protection= flag available in recent versions of GCC. In particular -mbranch-protection=standard enables both BTI and PAC, with backwards compatible to armv8.0 code sequences that activate on v8.3 (PAC) & v8.5 (BTI) enabled Arm machines.
given the clang-gcc change that is being discussed in the devel, is this flag available there too @jlinton ?
Hi,
Yes the flag name in gcc was changed in the past to match the llvm one.
https://clang.llvm.org/docs/ClangCommandLineReference.html
The suggested -mbranch-protection= should work on both gcc and clang.
On 6/8/20 12:25 PM, Igor Raits wrote:
ignatenkobrain added a new comment to an issue you are following: given the clang-gcc change that is being discussed in the devel, is this flag available there too @jlinton ? To reply, visit the link below or just reply to this email https://pagure.io/fesco/issue/2403
ignatenkobrain added a new comment to an issue you are following: given the clang-gcc change that is being discussed in the devel, is this flag available there too @jlinton ?
To reply, visit the link below or just reply to this email https://pagure.io/fesco/issue/2403
+1
This is APPROVED now with (+4, 0, -0).
Metadata Update from @ignatenkobrain: - Issue tagged with: pending announcement
Announced in https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/GIFKTON4IZPN2DQ5ZAKVLTF5Y4POBJJB/
Metadata Update from @ignatenkobrain: - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Metadata Update from @bcotton: - Issue untagged with: F33 - Issue set to the milestone: Fedora 33
Login to comment on this ticket.