Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8234809

set relro in linker flags when building with gcc

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b25
    • CPU:
      generic
    • OS:
      linux

      Backports

        Description

        relro is recommended as a binary hardening technique.
        See
        https://wiki.debian.org/Hardening
        "During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable."

        Currently this link flag is already set for libjvm, however not for other binaries.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                mbaesken Matthias Baesken
                Reporter:
                mbaesken Matthias Baesken
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: