Summary: | Consider -ftrivial-auto-var-init=zero for future hardened profiles? | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sam James <sam> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | emacsray, kees, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | enable-ftrivial-auto-var-init-zero-by-default.patch |
Description
Sam James
![]() ![]() ![]() ![]() kees, maskray: I'd welcome your opinions on if it's worth exploring this for our Hardened profiles yet or not (note that I've done 0 test builds over the repositories yet). (Note that I don't plan on the similarly-named-but-rather-different -fzero-call-used-regs=all given https://dustri.org/b/paper-notes-clean-the-scratch-registers-a-way-to-mitigate-return-oriented-programming-attacks.html). Created attachment 869126 [details, diff]
enable-ftrivial-auto-var-init-zero-by-default.patch
Attached trivial hacky patch for anyone who wants to test.
Sounds great! https://reviews.freebsd.org/D27131 provides choices WITH_INIT_ALL_ZERO/WITH_INIT_ALL_PATTERN Android platform defaulted to -ftrivial-auto-var-init=zero since 2020-05 https://r.android.com/c/platform/build/soong/+/1310902/2/cc/config/global.go https://chromium.googlesource.com/chromium/src/+/refs/heads/main/build/config/compiler/BUILD.gn#139 defaults to pattern (non-official-build-of-Android non-ChromeOS) or zero (ChromeOS) |