clang-local —
OpenBSD-specific behavior of LLVM/clang
On
OpenBSD, the LLVM/clang compiler exhibits the
following characteristics:
clang does not search under
/usr/local for include files or
libraries: as a system compiler, it only searches the system paths by
default.clang comes with stack protection
enabled by default, equivalent to the
-fstack-protector-strong option on
other systems. The system will report any violation of the stack protector
cookie along with the function name via
syslog(3) at
LOG_CRIT priority.clang will generate PIE code by
default, allowing the system to load the resulting binary at a random
location. This behavior can be turned off by passing
-fno-pie to the compiler and
-nopie to the linker. It is also turned
off when the -pg flag is used.- The
-fstrict-aliasing option is turned
off by default unless -Ofast has been
selected.
clang does not store its version string
in objects. There is no option to control this.- The
-p flag is an alias of
-pg.
clang does not warn for passing pointer
arguments or assignment with different signedness outside of
-pedantic. This can be re-enabled with
the -Wpointer-sign flag.- The warning option
-Waddress-of-packed-member is disabled
by default.
- Color diagnostic messages are disabled by default and can be re-enabled
with
-fdiagnostics-color.
- The
-fwrapv option to treat signed
integer overflows as defined is enabled by default to prevent dangerous
optimizations which could remove security critical overflow checks.
- The malloc(3),
calloc(3),
realloc(3),
strdup(3),
strndup(3),
valloc(3) and
free(3) builtins are disabled
to prevent undesirable optimizations of calls to these functions.
clang includes a security pass that
exchanges some ROP-friendly instructions for safe alternatives on i386 and
amd64 (X86FixupGadgets pass). There is no option to disable this
pass.
clang(1)
![[OpenBSD]](/openbsd.gif){kind=small}