Note that retguard also became a better stack protector by accident:
"• RETGUARD verifies integrity of the return address
• Stack protector verifies integrity of the stack cookie
• RETGUARD is a better stack protector
• Per-function random cookie vs Per-object stack cookie
• Verifies return address directly
• In leaf functions, no need to store cookie in frame"
Another recent commit addressed the last point, improving performance and security of leaf functions: https://marc.info/?l=openbsd-cvs&m=155399999718325&w=2
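
An added illustration of the comparison quoted above (not code from OpenBSD or from this post): a C model of the two epilogue checks, showing that a changed return address is caught by the RETGUARD-style check even when the cookie slot is intact. `struct frame`, the cookie constants and the corruption cases are constructed for the example; the real instrumentation is emitted by the compiler.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of one stack frame; layout and names are constructed for this example. */
struct frame {
    uint64_t saved_cookie;  /* slot written by the function prologue */
    uint64_t return_addr;   /* saved return address */
};

/* Constructed constants standing in for random values chosen at load time. */
static const uint64_t OBJECT_COOKIE = 0x5bd1e9955bd1e995ULL; /* shared per object */
static const uint64_t FUNC_COOKIE   = 0x9e3779b97f4a7c15ULL; /* one per function */

enum corruption { NONE, RETURN_ADDR_ONLY, COOKIE_SLOT };

/* Simulates memory corruption between prologue and epilogue. */
static void corrupt(struct frame *f, enum corruption c) {
    if (c == RETURN_ADDR_ONLY) f->return_addr = 0x4141414141414141ULL;
    if (c == COOKIE_SLOT)      f->saved_cookie ^= 0xff;
}

/* Stack protector: the prologue copies the shared cookie into the frame and
 * the epilogue checks only that slot. Returns 1 if the frame passes. */
int ssp_passes(enum corruption c) {
    struct frame f = { 0, 0x0000000000401234ULL };
    f.saved_cookie = OBJECT_COOKIE;
    corrupt(&f, c);
    return f.saved_cookie == OBJECT_COOKIE;
}

/* RETGUARD model: the prologue stores cookie XOR return address; the epilogue
 * XORs the stored value with the return address it is about to use and
 * compares against the function's cookie. Returns 1 if the frame passes. */
int retguard_passes(enum corruption c) {
    struct frame f = { 0, 0x0000000000401234ULL };
    f.saved_cookie = FUNC_COOKIE ^ f.return_addr;
    corrupt(&f, c);
    return (f.saved_cookie ^ f.return_addr) == FUNC_COOKIE;
}

int main(void) {
    static const char *names[] = { "none", "return address only", "cookie slot" };
    for (int c = NONE; c <= COOKIE_SLOT; c++)
        printf("%-20s stack protector: %s  retguard: %s\n", names[c],
               ssp_passes((enum corruption)c) ? "pass" : "abort",
               retguard_passes((enum corruption)c) ? "pass" : "abort");
    return 0;
}
```
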