NAME

clang-local — OpenBSD-specific behavior of LLVM/clang

DESCRIPTION

On OpenBSD, the LLVM/clang compiler exhibits the following characteristics:

• clang does not search under /usr/local for include files or libraries: as a system compiler, it only searches the system paths by default.
• clang comes with stack protection enabled by default, equivalent to the -fstack-protector-strong option on other systems. The system will report any violation of the stack protector cookie along with the function name via syslog(3) at LOG_CRIT priority.
• clang will generate PIE code by default, allowing the system to load the resulting binary at a random location. This behavior can be turned off by passing -fno-pie to the compiler and -nopie to the linker. It is also turned off when the -pg flag is used.
• The -fstrict-aliasing option is turned off by default unless -Ofast has been selected.
• clang does not store its version string in objects. There is no option to control this.
• The -p flag is an alias of -pg.
• clang does not warn for passing pointer arguments or assignment with different signedness outside of -pedantic. This can be re-enabled with the -Wpointer-sign flag.
• The warning option -Waddress-of-packed-member is disabled by default.
• Color diagnostic messages are disabled by default and can be re-enabled with -fdiagnostics-color.
• The -fwrapv option to treat signed integer overflows as defined is enabled by default to prevent dangerous optimizations which could remove security critical overflow checks.
• The base system includes the ubsan_minimal sanitizer runtime but not the fully-featured ubsan runtime. See the documentation for the -fsanitize-minimal-runtime flag.
• The malloc(3), calloc(3), realloc(3), strdup(3), strndup(3), valloc(3) and free(3) builtins are disabled to prevent undesirable optimizations of calls to these functions.
• clang includes a security pass that exchanges some ROP-friendly instructions with safer alternatives on i386 and amd64. This can be disabled with the -fno-fixup-gadgets option.
• clang includes a security pass that can clear the return address on the stack upon return from calling a function, on i386 and amd64. This can be enabled with the -fret-clean option.
• clang includes the retguard security feature on amd64, arm64, mips64, powerpc and powerpc64. This feature can be disabled with the -fno-ret-protector or -fno-stack-protector options.
• clang has -mretpoline enabled by default on amd64 to protect against branch target injection attacks. It can be disabled with -mno-retpoline.
• A new warning for %n format specifier usage in printf(3) family functions has been added.

SEE ALSO

clang(1)