pkgsrc-Users archive


Re: ERROR: [...] missing RELRO



On Fri, Oct 01, 2021 at 03:08:57PM +0200, Hauke Fath wrote:
> Hi,
> 
> one more of these things that just get dropped on pkgsrc by 
> well-meaning people: RELRO.
> 
> The search engine of least contempt spits out 
> <https://wiki.netbsd.org/pkgsrc/hardening/>, which has a terse 
> PKGSRC_USE_RELRO chapter. It doesn't bother to explain the acronym; a 
> link to a 2008 page results in a Google login, and is obscure enough 
> not to be known by archive.org.

It is a linker option, see man ld(1):

           relro
           norelro
               Create an ELF "PT_GNU_RELRO" segment header in the object.
               This specifies a memory segment that should be made read-only
               after relocation, if supported.  Specifying common-page-size
               smaller than the system page size will render this protection
               ineffective.  Don't create an ELF "PT_GNU_RELRO" segment if
               norelro.

My understanding (from dim memory):

Usually everything that requires changes during relocation (== fixup of
symbols when loading shared libs) stays writable during the lifetime of
the process. RELRO tries to protect as much as possible after
(initial) relocation. This is architecture/ABI dependent and a noop on
some machines, and impossible/not supported on others. When it is
supported and not a noop it could be viewed as an ABI change, i.e.
everything built into the binary/libs needs to be compiled with the
same relro options.

Martin
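
Added example (not part of the message above, and not pkgsrc's own check): a small Python reader that looks for the "PT_GNU_RELRO" program header the ld(1) excerpt describes, which is what distinguishes a binary linked with relro from one linked with norelro. The names has_relro and make_elf64 are hypothetical, and the sample ELF image is constructed in the code.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_RELRO = 0x6474E552  # program header type emitted for "-z relro"

def has_relro(data: bytes) -> bool:
    """True if the ELF image has a PT_GNU_RELRO program header."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    try:
        is64 = {1: False, 2: True}[data[4]]   # EI_CLASS: 32- or 64-bit
        end = {1: "<", 2: ">"}[data[5]]       # EI_DATA: byte order
    except KeyError:
        raise ValueError("unknown ELF class or byte order")
    try:
        if is64:
            (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        else:
            (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        # p_type is the first 32-bit field of every program header entry.
        types = [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
                 for i in range(e_phnum)]
    except struct.error:
        raise ValueError("truncated ELF header")
    return PT_GNU_RELRO in types

def make_elf64(p_types):
    """Constructed sample: ELF64 little-endian header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                              64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, "RELRO" if has_relro(f.read()) else "missing RELRO")
```

Run as a script with one or more file paths, it prints one line per file; it only reports whether the segment header exists, not whether the running system honours it.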

