Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Ubuntu 19.10 To Harden Its Compiler With Stack Clash Protection & Intel CET

Written by Michael Larabel in Ubuntu on 19 June 2019 at 06:37 AM EDT. Add A Comment

UBUNTU

In addition to discontinuing i386 support, Canonical announced another change being worked on for Ubuntu 19.10 is compiler hardening.

In the name of increased security, their GCC 9 compiler for Ubuntu 19.10 will have some additional tunables enabled: -fstack-clash-protection and -fcf-protection.

The stack clash protection is designed to fend off stack clash attacks by checking pages at allocation-time that instead would result in ideally just a segmentation fault.

The CF-Protection flag is for enabling Intel Control-Flow Enforcement Technology. Intel CET fends off ROP and COP/JOP style attacks thanks to indirect branch tracking and making use of a shadow stack. The Linux CET support came together over the past year though only works with the newest of Intel CPUs while for older CPUs it's treated as a no-op.

Confirmation of flipping on these new GCC hardening flags by default and other details can be found via this mailing list post.

Ubuntu 19.10 will be shipping with the new GCC 9 compiler release as well as newest Glibc and other components with this being the cycle prior to Ubuntu 20.04 LTS.

Add A Comment

Related News

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

Ubuntu flash-kernel Package Looks To Drop Support For Old ARM Hardware

Ubuntu 25.04 Planning To Use GCC 15 As Well As Exploring Greater LLVM Use

Mir 2.19 Released With Atomic KMS Platform Support, New Wayland Protocols

UBports' Ubuntu Touch OTA-7 Atop Ubuntu 20.04 Released

Updated Ubuntu 24.10 Install Image Released For Snapdragon X1 Elite Laptops

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

Vulkan Video Now Enabled By Default For Radeon VCN2/VCN3 Hardware On Linux

Rustls Multi-Threaded Performance Is Battering OpenSSL

Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience

KDE Starts December By Landing A Number Of New Features