clang -fret-clean: cleaning return addresses off stack (by deraadt@)

from OpenBSD Journal (#6N2A7)
Future versions of OpenBSD may ship core system libraries and binaries built with compiler logic that clears return addresses from the stack once a call has returned. With this in place, whole classes of bugs would be harder to exploit, because stale return addresses are one of the things that reveal where code such as libc is mapped.

In a message to the tech@ mailing list titled clang -fret-clean: cleaning return addresses off stack, Theo de Raadt (deraadt@) explains how this would work and includes code implementing the feature for the x86 architecture only:

List: openbsd-tech
Subject: clang -fret-clean: cleaning return addresses off stack
From: "Theo de Raadt" <deraadt () openbsd ! org>
Date: 2024-05-25 6:18:59

There are many address space mitigations in play now which make standard control-flow methods and ROP-style methods more difficult than ever before. None of them are a silver bullet; added up they are a big deal, but no one is saying they are a comprehensive solution.

One thing I've worried about for a while is that program bugs being exercised tend to happen in the main program, or in some large library. But many types of attack methodology require reaching system calls via libc, in as direct and simple fashion as possible. ASLR location of libc has made that a bit harder, boot-time random relinking of libc makes it even more difficult. But there's a few things which do hint at where libc is mapped.
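To make the "hint" concrete: after a function returns, the return address that `call` pushed is popped by `ret` but its bytes stay in memory just below the stack pointer, and anyone who can read that memory learns an address inside the caller's code, which defeats ASLR for that mapping. The program below is an added example written for this article; it is not code from Theo's message or from the OpenBSD compiler change. It assumes x86-64 with the System V ABI (GCC or clang), and it assumes the mitigation's effect is to zero the return-address slot once the call has returned, which the inline assembly emulates by hand with a single store. The callee `victim`, the `ret_probe` structure and the `demo_*` helpers are constructed for the example.

```c
/*
 * Added example: read the stale return address left below %rsp after a
 * call returns, then zero that slot the way a -fret-clean caller is
 * assumed to, and read it again. x86-64 System V only.
 */
#ifndef __x86_64__
#error "this example hand-emits x86-64 call sequences"
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct ret_probe {
    uintptr_t expected; /* address of the instruction after the call */
    uintptr_t before;   /* contents of -8(%rsp) right after the callee returned */
    uintptr_t after;    /* the same slot after the emulated cleaning store */
};

static volatile unsigned long sink;

/* Constructed callee: ordinary work in its own frame. That frame sits below
 * the return-address slot, so nothing here overwrites the slot. */
static void victim(void)
{
    volatile char buf[32];
    for (int i = 0; i < (int)sizeof buf; i++)
        buf[i] = (char)i;
    sink += buf[7];
}

__attribute__((noinline))
struct ret_probe probe_call(void (*fn)(void))
{
    uintptr_t expected, before, after;

    __asm__ volatile(
        "movq %%rsp, %%rax\n\t"          /* remember our stack pointer */
        "subq $128, %%rsp\n\t"           /* step over the red zone our locals may use */
        "andq $-16, %%rsp\n\t"           /* ABI: 16-byte aligned at the call */
        "pushq %%rax\n\t"
        "pushq %%rax\n\t"                /* two pushes keep alignment; (%rsp) holds old rsp */
        "leaq 1f(%%rip), %[exp]\n\t"     /* exactly what call will push as return address */
        "call *%[fn]\n"
        "1:\n\t"
        "movq -8(%%rsp), %[bef]\n\t"     /* ret popped it, but the bytes are still there */
        "movq $0, -8(%%rsp)\n\t"         /* the cleaning store (assumed -fret-clean behaviour) */
        "movq -8(%%rsp), %[aft]\n\t"
        "movq (%%rsp), %%rsp"            /* restore our stack pointer */
        : [exp] "=&r"(expected), [bef] "=&r"(before), [aft] "=&r"(after)
        : [fn] "r"(fn)
        : "rax", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11",
          "memory", "cc");

    return (struct ret_probe){ expected, before, after };
}

/* True when the stale slot still holds exactly the pushed return address. */
int leak_survives(const struct ret_probe *p)
{
    return p->before != 0 && p->before == p->expected;
}

/* True when the leaked value lies inside [lo, lo+len): it tells an attacker
 * where that code is mapped regardless of ASLR. */
int leak_points_into(const struct ret_probe *p, const void *lo, size_t len)
{
    uintptr_t b = (uintptr_t)lo;
    return p->before >= b && p->before < b + len;
}

/* Wrappers around one probe of victim(), for the checks below. */
int demo_leak_survives(void)      { struct ret_probe p = probe_call(victim); return leak_survives(&p); }
int demo_slot_cleaned(void)       { struct ret_probe p = probe_call(victim); return p.after == 0 && p.expected != 0; }
int demo_leak_in_probe_call(void) { struct ret_probe p = probe_call(victim); return leak_points_into(&p, (const void *)probe_call, 4096); }

int main(void)
{
    struct ret_probe p = probe_call(victim);
    printf("return address pushed by call: %#lx\n", (unsigned long)p.expected);
    printf("still below rsp after return : %#lx\n", (unsigned long)p.before);
    printf("after the cleaning store     : %#lx\n", (unsigned long)p.after);
    printf("leak survives: %d, points into probe_call: %d\n",
           leak_survives(&p), leak_points_into(&p, (const void *)probe_call, 4096));
    return 0;
}
```

Run it a few times under a PIE build and the `before` value moves with ASLR but always lands a few hundred bytes past `probe_call`, which is the leak the message is about; the `after` value is zero, which is what a cleaned slot gives an attacker. The asm steps 128 bytes down before the call because the compiler does not know the asm performs a call and may have placed locals in the red zone.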
