clang -fret-clean: cleaning return addresses off stack (by deraadt@)

Future versions of OpenBSD may include core system libraries and binaries built with logic to remove return addresses off the stack. With this in place, whole classes of bugs would be harder to exploit.

In a message to the tech@ mailing list titled clang -fret-clean: cleaning return addresses off stack, Theo de Raadt (deraadt@) explains how this would work and includes code to implement the feature for the X86 architecture only:

List: openbsd-tech
Subject: clang -fret-clean: cleaning return addresses off stack
From: "Theo de Raadt" <deraadt () openbsd ! org>
Date: 2024-05-25 6:18:59

There are many address space mitigations in play now which make standard control-flow methods and ROP-style methods more difficult than ever before. None of them are a silver bullet; added up they are a big deal, but no one is saying they are a comprehensive solution.

One thing I've worried about for a while is that program bugs being exercised tend to happen in the main program, or in some large library. But many types of attack methodology require reaching system calls via libc, in as direct and simple a fashion as possible. ASLR location of libc has made that a bit harder; boot-time random relinking of libc makes it even more difficult. But there are a few things which do hint at where libc is mapped.


In short: this hardens #XOnly / #ASLR / pinsyscalls(2).

At the moment an exploit runs, addresses from libc.so and/or ld.so may still be lying in the "dead" part of the stack, left over from call chains such as printf -> fprintf -> __vfprintf. They are awkward to make use of, but they can still give an attacker a foothold.

Accordingly, on the x86 platform, for libc, libcrypto, ld.so, the ssh executables and the kernel, instead of:

    callq something

the compiler will generate:

    callq something
    movq $0, -8(%rsp)

For other hardware platforms the implementation will differ; on some of them the return address will be cleaned up on the callee side.

What remains is the problem of variable values that point into libc.so and/or ld.so (for example, a function pointer) being left on the stack.
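An added example, not Theo's patch or any OpenBSD code: this C program with inline x86-64 assembly shows the situation the post describes. After a plain call, the callee's return address is still readable at -8(%rsp) in the dead stack; the `movq $0, -8(%rsp)` that -fret-clean emits right after the call wipes it. It assumes GCC or clang on x86-64 (AT&T syntax, System V ABI); `callee` and `leftover_after_call` are constructed names for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#if !defined(__x86_64__)
#error "this demo is x86-64 only"
#endif

/* Empty callee: the only thing it leaves behind is its own return address. */
__attribute__((noinline)) static void callee(void) {
    __asm__ volatile("" ::: "memory");
}

/* Do "call callee", optionally followed by the -fret-clean store, and return
 * whatever is left in the slot just below the new %rsp: the slot that `call`
 * pushed the return address into and `ret` popped it from (dead stack). */
static uintptr_t leftover_after_call(int clean) {
    uintptr_t slot;
    /* r12 is callee-saved, so the flag survives the call untouched. */
    register long want_clean __asm__("r12") = clean;
    __asm__ volatile(
        "movq %%rsp, %%rbx\n\t"      /* keep the original stack pointer */
        "andq $-16, %%rsp\n\t"       /* ABI: 16-byte alignment at the call */
        "subq $128, %%rsp\n\t"       /* step below our own red zone first */
        "call *%[fn]\n\t"            /* pushes return address, callee rets */
        "testq %%r12, %%r12\n\t"
        "jz 1f\n\t"
        "movq $0, -8(%%rsp)\n\t"     /* exactly what -fret-clean emits */
        "1:\n\t"
        "movq -8(%%rsp), %[out]\n\t" /* peek at the dead slot */
        "movq %%rbx, %%rsp\n\t"      /* restore the stack pointer */
        : [out] "=r"(slot)
        : [fn] "r"(callee), "r"(want_clean)
        : "rbx", "memory", "cc",
          "rax", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11");
    return slot;
}

int main(void) {
    printf("without cleaning: %#lx\n", (unsigned long)leftover_after_call(0));
    printf("with    cleaning: %#lx\n", (unsigned long)leftover_after_call(1));
    return 0;
}
```

The first value is a code address inside this program (the instruction after the call); the second is 0, which is all a later, uninitialised-local read of that slot would ever see.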

#OpenBSD #Security