I've been unable to find any description of how to use the "-z relro" linker option in the PaX-patched version of binutils. Is this simply added to the LDFLAGS variable for any executables that a user chooses to build *after* binutils is patched, compiled and installed? Are there specific applications that benefit from it more than others, for instance PHP?
Thanks in advance for any light you might shed on this.
Making use of "-z relro"
2 posts
• Page 1 of 1
Making use of "-z relro"
by Leomania » Thu Aug 24, 2006 3:30 pm
- Leomania
- Posts: 1
- Joined: Thu Aug 24, 2006 3:25 pm
Re: Making use of "-z relro"
by PaX Team » Sat Aug 26, 2006 3:45 am
normally it's the distro's job to make use of all these toolchain features, but if you want to cook your own system, i suggest that you at least take a look at what hardened gentoo http://www.gentoo.org/proj/en/hardened/ (also check the FAQ) or hardened LFS do http://www.linuxfromscratch.org/hlfs/view/unstable/.Leomania wrote:I've been unable to find any description of how to use the "-z relro" linker option in the PaX-patched version of binutils. Is this simply added to the LDFLAGS variable for any executables that a user chooses to build *after* binutils is patched, compiled and installed? Are there specific applications that benefit from it more than others, for instance PHP?
Thanks in advance for any light you might shed on this.
first, the PaX patch for binutils is only for emitting the PT_PAX_FLAGS program header, it's independent of -z relro which has been in binutils since 2.15 or so now. second, since -z relro (and don't forget -z now) is a linker switch, you obviously need to pass it to the linker, whether that's via LDFLAGS or CFLAGS depends on what your system/packages take. in general the easiest way is to pass it through the gcc specs file so you don't have to modify anything else.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
2 posts
• Page 1 of 1