CLANG-LOCAL(1) | General Commands Manual | CLANG-LOCAL(1) |
clang-local
—
OpenBSD-specific behavior of LLVM/clang
On OpenBSD, the LLVM/clang compiler exhibits the following characteristics:
clang
does not search under
/usr/local for include files or libraries: as a
system compiler, it only searches the system paths by default.clang
comes with stack protection enabled by
default, equivalent to the
-fstack-protector-strong
option on other systems.
The system will report any violation of the stack protector cookie along
with the function name via syslog(3) at
LOG_CRIT
priority.clang
will generate PIE code by default, allowing
the system to load the resulting binary at a random location. This
behavior can be turned off by passing -fno-pie
to
the compiler and -nopie
to the linker. It is also
turned off when the -pg
flag is used.-fstrict-aliasing
option is turned off by
default unless -Ofast
has been selected.clang
does not store its version string in
objects. There is no option to control this.-p
flag is an alias of
-pg
.clang
does not warn for passing pointer arguments
or assignment with different signedness outside of
-pedantic
. This can be re-enabled with the
-Wpointer-sign
flag.-Waddress-of-packed-member
is
disabled by default.-fdiagnostics-color
.-fwrapv
option to treat signed integer
overflows as defined is enabled by default to prevent dangerous
optimizations which could remove security critical overflow checks.-fsanitize-minimal-runtime
flag.clang
includes a security pass that exchanges some
ROP-friendly instructions with safer alternatives on i386 and amd64. This
can be disabled with the -fno-fixup-gadgets
option.clang
includes the retguard security feature on
amd64, arm64, mips64, powerpc and powerpc64. This feature can be disabled
with the -fno-ret-protector
or
-fno-stack-protector
options.clang
has -mretpoline
enabled by default on amd64 to protect against branch target injection
attacks. It can be disabled with
-mno-retpoline
.%n
format specifier usage in
printf(3) family functions has been
added.February 18, 2022 | OpenBSD-current |