Hi,

Florian wrote:
> For userland, I would like to eventually copy the OpenBSD approach for
> architectures which have some form of PC-relative addressing: we can
> have multiple random canaries in (RELRO) .rodata in sufficiently close
> to the code that needs them (assuming that we have split .rodata). At
> least for x86-64, I expect this to be a small win. It's also a slight
> hardening improvement if the reference canary is not stored in writable
> memory.

On AArch64 hardware pointer signing already provides a free and more robust implementation of stack canaries, so we could change -fstack-protector to use that when pointer signing is enabled.

Wilco