GCC 12 Adds Stack Variable Auto-Initialization, Other Security Improvements Forthcoming
In some areas, this GCC security work is about catching up with security features already implemented by LLVM Clang. The features include zeroing caller-used registers on return, automatic initialization of stack variables, unsigned overflow detection, and more. For instance, GCC 11 added the zero-call-used-regs compiler feature, and with Linux 5.15 that feature can optionally be used to enhance kernel security.
Slipping under our radar earlier this month was that GCC 12 has landed stack variable auto-initialization. This new GCC 12 security feature can be turned on with the "-ftrivial-auto-var-init=zero" compiler switch. LLVM/Clang saw this security option posted back in 2018.
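The C program below is an added illustration, not code from the article or from GCC: it shows the kind of stale-stack disclosure that "-ftrivial-auto-var-init=zero" is meant to remove, next to the manual zeroing the switch makes automatic. The struct, function names and values are constructed for the example; GCC's manual states that the option also zeroes padding in automatic structure variables.

```c
/* Build with GCC 12+ or Clang, with and without the flag, and compare:
 *   cc -O2 -ftrivial-auto-var-init=zero leak.c                          */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: padding usually sits between tag and id. */
struct reply {
    char tag;
    unsigned int id;
};

/* Copies a stack struct out byte for byte. Only the members are assigned, so
 * unless the struct is zeroed first (by hand here, or by the compiler switch)
 * the padding copied out is whatever the stack slot held before. */
void build_reply(unsigned char *out, int zero_first) {
    struct reply r;
    if (zero_first)
        memset(&r, 0, sizeof r);   /* manual form of what =zero inserts */
    r.tag = 'R';
    r.id = 7;
    memcpy(out, &r, sizeof r);
}

/* Counts non-zero bytes between tag and id: padding that was copied out. */
size_t stale_padding_bytes(const unsigned char *buf) {
    size_t n = 0;
    for (size_t i = sizeof(char); i < offsetof(struct reply, id); i++)
        n += buf[i] != 0;
    return n;
}

/* Dirties the stack so the next frame has stale bytes to pick up. */
static unsigned dirty_stack(void) {
    volatile unsigned char junk[256];
    unsigned sum = 0;
    for (size_t i = 0; i < sizeof junk; i++) { junk[i] = 0xAA; sum += junk[i]; }
    return sum;
}

int main(void) {
    unsigned char a[sizeof(struct reply)], b[sizeof(struct reply)];
    dirty_stack(); build_reply(a, 0);
    dirty_stack(); build_reply(b, 1);
    printf("not zeroed: %zu stale padding byte(s)\n", stale_padding_bytes(a));
    printf("zeroed:     %zu stale padding byte(s)\n", stale_padding_bytes(b));
    return 0;
}
```

Without the switch, the first count depends on the compiler, optimization level and prior stack contents; with it, both counts should be zero.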
With stack variable auto-initialization in place, GCC still needs to support speculative load hardening, unsigned overflow protection, and control flow integrity improvements to match the Clang security features.
Those wishing to learn more about the ongoing GCC security work by Oracle and others can see the presentation below along with the slides.