explicitly list userspace compiler hardening flags
Most of these features are now done upstream other than enabling PAC, BTI and making signed integer overflow well-defined when overflow checking isn't enabled. There are other things which could be considered to be part of this set of features but are covered elsewhere already.
This commit is contained in:
Daniel Micay
@@ -305,7 +305,11 @@
|
||||
been reused once and gone through the quarantines twice</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Hardened compiler toolchain</li>
|
||||
<li>On ARMv9, Branch Target Identification (BTI) and Pointer
|
||||
Authentication Code (PAC) return address protection are enabled for
|
||||
userspace OS code we build instead of only specific apps</li>
|
||||
<li>Signed integer overflow is made well defined in C and C++ for code
|
||||
where automatic overflow checking is disabled</li>
|
||||
<li>
|
||||
Hardened kernel
|
||||
<ul>
|
||||
|
||||
Reference in New Issue
Block a user