Intel® Fortran Compiler 17.0 Developer Guide and Reference
Enables Control-flow Enforcement Technology (CET) protection, which defends your program from certain attacks that exploit vulnerabilities. This option offers preliminary support for CET.
Linux: | -qcf-protection[=keyword] |
macOS: | None |
Windows: | /Qcf-protection[:keyword] |
keyword |
Specifies the level of protection the compiler should perform. Possible values are:
|
-qcf-protection=none or /Qcf-protection:none |
No Control-flow Enforcement protection is performed. |
This option enables Control-flow Enforcement Technology (CET) protection, which defends your program from certain attacks that exploit vulnerabilities.
CET protections are enforced on processors that support CET. They are ignored on processors that do not support CET, so they are safe to use in programs that might run on a variety of processors.
Specifying shadow_stack helps to protect your program from return-oriented programming (ROP). Return-oriented programming (ROP) is a technique to exploit computer security defenses such as non-executable memory and code signing by gaining control of the call stack to modify program control flow and then execute certain machine instruction sequences.
Specifying branch_tracking helps to protect your program from call/jump-oriented programming (COP/JOP). Jump-oriented programming (JOP) is a variant of ROP that uses indirect jumps and calls to emulate return instructions. Call-oriented programming (COP) is a variant of ROP that employs indirect calls.
To get both protections, specify [q or Q]cf-protection with no keyword, or specify -qcf-protection=full (Linux*) or /Qcf-protection:full (Windows*).
None