Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Add build flags for ALSR and RELRO support

Description

To harden our binaries for security, per  e-mail:

  • enable address space layout randomization by building the executables with -fPIE (compiler) -pie (linker) flags. Note that -fPIE flag replaces -fPIC flag for them. Shared libraries still must be built with -fPIC. Verify the result by

    giving empty output

  • make executable's global offset table read-only by building with -Wl,-z,now. Verify the result by

    giving non-empty output

Environment

None

Smart Checklist

Activity

David Bennett October 18, 2017 at 1:29 AM

We need to make sure this issue doesn't effect systems:

  https://access.redhat.com/security/cve/cve-2017-1000253

Laurynas Biveinis September 29, 2017 at 4:01 PM

provided this issue will go ahead at some point, then step 1 in testing is flipping developer MTR jobs to new flags. Or implementing .

Laurynas Biveinis September 29, 2017 at 3:59 PM

, please CC me as well

David Busby September 27, 2017 at 9:12 AM

 understood, I have sent a separate email to  on which you are CC'ed.

 

David Bennett September 26, 2017 at 4:37 PM

Vadim has asked me to put this on hold. Please consult with him if you have any further questions.

Won't Do

Details

Assignee

Reporter

Components

Priority

Smart Checklist

Created December 28, 2016 at 5:10 AM
Updated May 3, 2024 at 8:26 AM
Resolved May 3, 2024 at 8:26 AM