1 |
On Tue, 17 Oct 2006 11:25:13 -0400, Alejo Sanchez |
2 |
<alejos-Re5JQEeQqe8AvxtiuMwx3w@××××××××××××.org> wrote: |
3 |
|
4 |
> On 10/17/06, Javier Barrio |
5 |
> <coder-EYqyydz9ICHYtjvyW6yDsg@××××××××××××.org> wrote: |
6 |
>> |
7 |
>> > Now to the question. I was wondering if there is a way to protect GOT |
8 |
>> > (besides having ET_DYN) in the way OpenBSD does |
9 |
>> > (http://undeadly.org/cgi?action=article&sid=20030126143902). If not, |
10 |
>> > what would you think on a similar patch for Hardened? |
11 |
>> |
12 |
>> Mmm, I think that can be (partially) protected passing -z relro to the |
13 |
>> gnu linker, making RELRO segment read-only after symbol resolution. |
14 |
>> |
15 |
> |
16 |
> Thanks!Tried googling but didn't get there. Should've tried harder, |
17 |
> perhaps. |
18 |
> http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml#doc_chap4 |
19 |
> |
20 |
> Cheers. |
21 |
> |
22 |
> Alejo |
23 |
|
24 |
1. The reference seems to be a discussion of possibilities that were not |
25 |
implemented? Is this history, or an ongoing debate? |
26 |
|
27 |
2. So does this mean that in anticipation of new binutils, we should add |
28 |
LDFLAGS="-Wl,z,norelro" to make.conf? |
29 |
For that matter, should we add "-z norelro" to CFLAGS and/orCXXFLAGS now? |
30 |
|
31 |
TIA, newbie |
32 |
|
33 |
|
34 |
-- |
35 |
gentoo-hardened@g.o mailing list |