> What we would need for full hardened support, is RELRO support in ldso

this should not be hard: basically, whenever you're done with
relocations in a library (and the main app on startup), you
should call mprotect(PROT_READ) on the area described by the
PT_GNU_RELRO program header (so you have to parse it and save
the relevant start address/length info).

> and Scrt1.o (PIE support) for non-x86 archs.

this you can take from glibc, on any arch PIEs are supported they
also have the corresponding Scrt1.o generated (they do that by
adding '#ifdef SHARED' or something similar to the crt1 source
and assembling it twice during the build process, once for PIEs
and once for normal executables).


--
gentoo-hardened@g.o mailing list
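
The RELRO step described in the message above, as an added C example that is not part of the original post and not code from any existing ldso. The names `relro_range`, `relro_protect` and `show` are hypothetical, a Linux `<link.h>` is assumed, and rounding the end of the range down to a page boundary is this example's choice so that writable data after the segment is never covered.

```c
#define _GNU_SOURCE
#include <link.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Parse a program header table for PT_GNU_RELRO and compute the page-aligned
 * range to protect. Returns 1 if a non-empty range was found, else 0. */
int relro_range(const ElfW(Phdr) *ph, size_t phnum, uintptr_t load_bias,
                size_t pagesz, uintptr_t *start, size_t *len)
{
    for (size_t i = 0; i < phnum; i++) {
        if (ph[i].p_type != PT_GNU_RELRO)
            continue;
        uintptr_t lo = load_bias + ph[i].p_vaddr;  /* runtime start address */
        uintptr_t hi = lo + ph[i].p_memsz;         /* runtime end address */
        lo &= ~(uintptr_t)(pagesz - 1);  /* mprotect needs a page-aligned start */
        hi &= ~(uintptr_t)(pagesz - 1);  /* round down: stay inside the segment */
        if (hi <= lo)
            return 0;                    /* smaller than one page: nothing to do */
        *start = lo;
        *len = hi - lo;
        return 1;
    }
    return 0;                            /* object was linked without -z relro */
}

/* Call once all relocations for the object are done. Returns 0 on success
 * (or when there is no RELRO segment), -1 if mprotect fails. */
int relro_protect(const ElfW(Phdr) *ph, size_t phnum, uintptr_t load_bias,
                  size_t pagesz)
{
    uintptr_t start;
    size_t len;
    if (!relro_range(ph, phnum, load_bias, pagesz, &start, &len))
        return 0;
    return mprotect((void *)start, len, PROT_READ);
}

/* Report the RELRO range of every object loaded in this process. */
static int show(struct dl_phdr_info *info, size_t size, void *data)
{
    uintptr_t start; size_t len; (void)size; (void)data;
    if (relro_range(info->dlpi_phdr, info->dlpi_phnum, info->dlpi_addr,
                    (size_t)sysconf(_SC_PAGESIZE), &start, &len))
        printf("%s: RELRO %#lx + %#zx\n", info->dlpi_name, (unsigned long)start, len);
    return 0;
}
int main(void) { return dl_iterate_phdr(show, NULL); }
```

A loader that skips this step leaves the GOT and other relocated read-only data writable for the life of the process; `readelf -lW` on a binary shows whether a `GNU_RELRO` segment is present to protect.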