| 1 |
> What we would need for full hardened support, is RELRO support in ldso |
| 2 |
|
| 3 |
this should not be hard: basically, whenever you're done with |
| 4 |
relocations in a library (and the main app on startup), you |
| 5 |
should call mprotect(PROT_READ) on the area described by the |
| 6 |
PT_GNU_RELRO program header (so you have to parse it and save |
| 7 |
the relevant start address/length info). |
| 8 |
|
| 9 |
> and Scrt1.o (PIE support) for non-x86 archs. |
| 10 |
|
| 11 |
this you can take from glibc, on any arch PIEs are supported they |
| 12 |
also have the corresponding Scrt1.o generated (they do that by |
| 13 |
adding '#ifdef SHARED' or something similar to the crt1 source |
| 14 |
and assembling it twice during the build process, once for PIEs |
| 15 |
and once for normal executables). |
| 16 |
|
| 17 |
|
| 18 |
-- |
| 19 |
gentoo-hardened@g.o mailing list |
Archives