FS#73820 - [openssh] enable spectre mitigation flags
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Wednesday, 16 February 2022, 22:23 GMT
Last edited by T.J. Townsend (blakkheim) - Tuesday, 06 June 2023, 14:21 GMT
Opened by T.J. Townsend (blakkheim) - Wednesday, 16 February 2022, 22:23 GMT
Last edited by T.J. Townsend (blakkheim) - Tuesday, 06 June 2023, 14:21 GMT
|
Details
Description:
The OpenSSH configure script will automatically append -mretpoline to CFLAGS (for spectre v2 userland mitigation) if clang is used as the compiler. This diff adds clang to the makedepends line and exports it as the CC/CXX used for the build. Additional info: One could argue that -mretpoline should be enabled by default on Arch's clang package, and that everything should be built with clang instead of GCC for this (and other) security benefits, but that's beyond the scope of this proposal. 
openssh.diff
(0.9 KiB)
|
This task depends upon
Closed by T.J. Townsend (blakkheim)
Tuesday, 06 June 2023, 14:21 GMT
Reason for closing: Won't implement
Tuesday, 06 June 2023, 14:21 GMT
Reason for closing: Won't implement
The GCC flags are also incompatible with -fcf-protection which we use by default. [4]
I'm not sure if this warrants switching compilers. Is Spectre even a concern for SSH?
[1] https://github.com/openssh/openssh-portable/commit/3377df00ea3f
[2] https://github.com/openssh/openssh-portable/commit/1673274aee67
[3] https://lists.archive.carbon60.com/openssh/dev/72261
[4] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87412
"As far as I understand it, recommendations for the code sequences to use
occasionally change and depend on CPU and microcode versions, so this
seems feasible only with run-time code generation. The original
retpolines are incompatible with SHSTK. Furthermore, avoiding indirect
jumps in the PLT needs run-time code generation with additional ASLR
constraints (or prelink-style ahead-of-time ASLR).
So I don't think the situation has changed."