Feature #4349

open

feature request: ld options -z,noexecstack and -z,relro

Added by Richard PALO almost 9 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Start date: 2013-11-23
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:
External Bug:

Description

Seeing more and more of these in packages... I believe it would be useful to implement them.

For the former (ld -z noexecstack), one needs to specifically substitute -M /usr/lib/ld/map.noexstk, which contains simply:

$mapfile_version 2

STACK {
    FLAGS = READ WRITE;
};

This should not be too difficult to implement with the option in place of the map file.

For the latter, it is not [yet] implemented and means

Create an ELF PT_GNU_RELRO segment header in the object. 

as lifted from a 'hardening' page:
During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable.
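
Added example (not part of the original request and not illumos ld code): a checker a packager could run to confirm that a linked object carries what these two options are meant to produce. It assumes the STACK mapfile directive surfaces as a PT_SUNWSTACK program header and that -z relro would emit PT_GNU_RELRO as GNU ld does; audit_elf and build_sample are hypothetical names, and the sample images are constructed.

```python
import struct

PT_SUNWSTACK = 0x6FFFFFFB  # illumos/Solaris stack segment header
PT_GNU_STACK = 0x6474E551  # GNU stack-permission marker
PT_GNU_RELRO = 0x6474E552  # region remapped read-only after relocation
PF_X = 0x1                 # segment flag: executable

def audit_elf(data):
    """Report stack permissions and RELRO presence from ELF program headers."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = LSB, 2 = MSB
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    # exec_stack stays None when no stack header exists (platform default applies).
    result = {"stack_flags": None, "exec_stack": None, "relro": False}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32.
        (p_flags,) = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type in (PT_SUNWSTACK, PT_GNU_STACK):
            result["stack_flags"] = p_flags
            result["exec_stack"] = bool(p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            result["relro"] = True  # presence only; per the quoted text .got.plt stays writable
    return result

def build_sample(phdrs):
    """Constructed ELF64 little-endian image holding only (p_type, p_flags) headers."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                           for t, f in phdrs)

if __name__ == "__main__":
    hardened = build_sample([(PT_SUNWSTACK, 0x6), (PT_GNU_RELRO, 0x4)])  # READ WRITE stack
    legacy = build_sample([(PT_GNU_STACK, 0x7)])                         # RWX stack, no RELRO
    print(audit_elf(hardened))
    print(audit_elf(legacy))
```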
