Feature #4349

feature request: ld options -z,noexecstack and -z,relro

Added by Richard PALO over 6 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Start date: 2013-11-23
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

seeing more and more of these in packages... I believe it would be useful to implement them.

for the former (ld -z noexecstack):
one needs to specifically substitute -M /usr/lib/ld/map.noexstk
which contains simply:

$mapfile_version 2

STACK {
    FLAGS = READ WRITE;
};

which should not be too difficult to implement with the option in place of the map file.

for the latter, it is not [yet] implemented and means

Create an ELF PT_GNU_RELRO segment header in the object. 

as lifted from a 'hardening' page:
During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
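
To check whether a built object carries the two properties requested above, the ELF program headers can be inspected directly. The following is an added example, not part of the original ticket or of the illumos code base: it reports whether a stack header is present and executable, and whether a PT_GNU_RELRO header exists. It treats PT_SUNWSTACK as the program header produced by the mapfile STACK directive; the function names and the sample ELF image are constructed for illustration.

```python
import struct

# Program header types. PT_SUNWSTACK is what an illumos mapfile STACK
# directive emits; PT_GNU_STACK / PT_GNU_RELRO are the GNU equivalents.
PT_GNU_STACK, PT_GNU_RELRO, PT_SUNWSTACK = 0x6474E551, 0x6474E552, 0x6FFFFFFB
PF_X = 0x1

def program_headers(data):
    """Yield (p_type, p_flags) for each program header of an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = LSB, 2 = MSB
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags is the 2nd word in Elf64_Phdr but the 7th in Elf32_Phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        yield p_type, p_flags

def hardening_report(data):
    """Report stack executability and RELRO presence from program headers."""
    report = {"stack_header": False, "stack_exec": None, "relro": False}
    for p_type, p_flags in program_headers(data):
        if p_type in (PT_GNU_STACK, PT_SUNWSTACK):
            report["stack_header"] = True
            report["stack_exec"] = bool(p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            report["relro"] = True
    return report

def build_sample_elf64(phdrs):
    """Constructed test input: minimal little-endian ELF64 header + phdrs."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                           for t, f in phdrs)

if __name__ == "__main__":
    hardened = build_sample_elf64([(PT_SUNWSTACK, 0x6), (PT_GNU_RELRO, 0x4)])
    print(hardening_report(hardened))
```

A `stack_exec` value of `None` means no stack header was found, so the platform's default stack permissions apply to that object.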
