Bugzilla – Bug 1175154
Add Control-flow Enforcement Technology (CET) to openSUSE
Last modified: 2023-12-04 12:20:26 UTC
Control-flow Enforcement Technology (CET) looks like a promising mitigation for the Return Oriented Programming group of attacks. CET requires support in the CPU (starting with Intel Tiger Lake, if I'm not mistaken), kernel support, and support in the libraries and the application code itself.

According to the technology partner, this capability needs enabling:
* Kernel
* KVM
* QEMU
* Tool Chain GCC v8.1
* GDB Support – TBD
* GNU Binutils v2.31
* GLIBC v2.28
I opened https://jira.suse.com/browse/PM-2110 already a week ago.
On x86_64 the compiler side is enabled now (including CET-enabled runtime libraries). Build-wise, the main missing piece is enabling this through RPM_OPT_FLAGS, unless we want to be more selective. Not sure why the bug is assigned to me.
I started a Confluence page for coordination: https://confluence.suse.com/pages/viewpage.action?pageId=569311509
Johannes would like to drive this to Factory.
This is an autogenerated message for OBS integration: This bug (1175154) was mentioned in https://build.opensuse.org/request/show/844528 Factory / glibc