In a move to enhance security, Fedora Linux 45, set to be released in the fall of 2026, will enable the shadow stack by default on x86_64 systems. The shadow stack is designed to defeat exploits that overwrite a function's return address during a stack buffer overflow. The change aims to protect all applications and libraries compiled with gcc, clang, and rustc. The plan is currently awaiting approval from FESCo, the Fedora Engineering Steering Committee, which oversees the technical aspects of Fedora Linux development.
The driving force behind the integration of the shadow stack in Fedora is Arjun Shankar from Red Hat, who maintains the glibc packages in Fedora and RHEL. The protection relies on a hardware capability of the processor. When control is transferred to a function, the return address is saved not only on the regular stack but also on a separate shadow stack, which ordinary memory writes cannot modify. When the function returns, the return address is retrieved from the shadow stack and compared against the one on the main stack. Any mismatch between the two addresses triggers an exception, so an attempt to tamper with the return address on the main stack is stopped before control is transferred to it.
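To make the mechanism concrete, here is an added example (not code from the article, Fedora, or glibc) that models the two-stack scheme in a toy CPU: CALL pushes the return address onto both stacks, a simulated buffer overflow can only reach the copy on the regular stack, and RET refuses to transfer control when the two copies disagree. All addresses, the stack layout, and the `cpu_*`/`scenario_*` names are constructed for illustration; on real hardware the mismatch raises a control-protection fault rather than returning a status code, and shadow-stack pages are protected by the processor rather than by the absence of a write function.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_DEPTH 64

/* Toy CPU model (constructed for illustration): a regular stack that program
 * code writes freely, and a shadow stack that only CALL/RET touch. In real
 * hardware the shadow stack lives in pages ordinary stores cannot write. */
typedef struct {
    uint64_t stack[STACK_DEPTH];   /* regular stack: return addresses, locals */
    size_t   sp;                   /* slots in use on the regular stack */
    uint64_t shadow[STACK_DEPTH];  /* shadow stack: return addresses only */
    size_t   ssp;                  /* slots in use on the shadow stack */
} cpu_t;

enum ret_status {
    RET_OK = 0,        /* both copies agree: control goes to that address */
    RET_MISMATCH = 1,  /* copies differ: hardware raises a control-protection fault */
    RET_UNDERFLOW = 2  /* RET without a matching CALL */
};

/* CALL pushes the return address onto both stacks. */
static bool cpu_call(cpu_t *c, uint64_t return_addr)
{
    if (c->sp >= STACK_DEPTH || c->ssp >= STACK_DEPTH)
        return false;
    c->stack[c->sp++] = return_addr;
    c->shadow[c->ssp++] = return_addr;
    return true;
}

/* RET pops both copies and transfers control only if they agree. */
static enum ret_status cpu_ret(cpu_t *c, uint64_t *target)
{
    if (c->sp == 0 || c->ssp == 0)
        return RET_UNDERFLOW;
    uint64_t from_stack  = c->stack[--c->sp];
    uint64_t from_shadow = c->shadow[--c->ssp];
    if (from_stack != from_shadow)
        return RET_MISMATCH;
    *target = from_shadow;
    return RET_OK;
}

/* Models the effect of a stack buffer overflow: a store that runs past a local
 * buffer and lands on the saved return address of the regular stack. The shadow
 * copy is untouched because ordinary stores cannot reach it. */
static void overwrite_saved_return(cpu_t *c, uint64_t value)
{
    if (c->sp > 0)
        c->stack[c->sp - 1] = value;
}

/* Two nested calls that return cleanly; *where ends at the outer return address. */
enum ret_status scenario_clean(uint64_t *where)
{
    cpu_t c = {0};
    cpu_call(&c, 0x1000);                    /* constructed return addresses */
    cpu_call(&c, 0x2000);
    enum ret_status s = cpu_ret(&c, where);  /* inner return lands at 0x2000 */
    if (s != RET_OK)
        return s;
    return cpu_ret(&c, where);               /* outer return lands at 0x1000 */
}

/* One call whose saved return address is corrupted before RET. */
enum ret_status scenario_overflow(uint64_t *where)
{
    cpu_t c = {0};
    *where = 0;
    cpu_call(&c, 0x1000);
    overwrite_saved_return(&c, 0xbad0bad0);  /* constructed corrupted value */
    return cpu_ret(&c, where);               /* RET_MISMATCH; *where stays 0 */
}

int main(void)
{
    uint64_t where = 0;
    printf("clean:    status %d, control at 0x%llx\n",
           scenario_clean(&where), (unsigned long long)where);
    printf("overflow: status %d, control at 0x%llx\n",
           scenario_overflow(&where), (unsigned long long)where);
    return 0;
}
```

The point the model makes is that the defender gets the check for free on every return: the corrupted address is never used, because the shadow copy disagrees. On a real system the equivalent of this example is a binary built with `-fcf-protection` (gcc and clang), whose `.note.gnu.property` section, visible with `readelf -n`, carries the `SHSTK` feature bit that tells glibc the program is ready to run with the shadow stack enabled.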
The shadow stack feature is supported on Intel processors from the 11th generation onwards, such as “Tiger Lake” and “Rocket Lake”, as well as on AMD processors based on the Zen 3 microarchitecture.