Not properly chosen link flags
Binaries compiled as PIE but without RELRO.
Choose proper link flags,
Binaries compiled as Full RELRO.
Description of problem:
At least the following binaries,
are compiled as Position Independent Executables (PIE), but with lazy binding enabled (no BIND_NOW / NOW). This not only slows the startup down (adding one layer of indirection for PIE), but also creates potential security issues.
Please compile these as either
- non-PIE, with "partial" RELRO: gcc -Wl,-z,relro
- PIE, with "full" RELRO: gcc -fPIE -pie -Wl,-z,relro,-z,now
*not* in any combination of the two (for one binary).
Generally speaking, PIE + "full" RELRO is recommended for anything that doesn't start too often (as it provides the best protection at a slight cost in startup time) such as daemons, SUID binaries or anything having extra privileges and handling unsafe user data.
For anything else, "Partial" RELRO is recommended.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. readelf -a <path-to-binary> | less
2. look for addresses, see them being relative, starting at 0
2.1. (also see ELF type at the top - should be DYN)
3. look for BIND_NOW or NOW, without success
binaries compiled as PIE with "partial" RELRO
binaries either compiled as PIE+"full" RELRO or non-PIE+"partial" RELRO
/usr/libexec/mysqld seems to correctly have PIE + "full" RELRO.
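The readelf check from the steps to reproduce, as an added shell example that is not part of the original report: it classifies `readelf -W -h -l -d` output and flags anything other than the two combinations the report asks for. The function names and the sample readelf output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `readelf -W -h -l -d` output on stdin and prints
# "<pie|non-pie> <full-relro|partial-relro|no-relro> <ok|flagged>".
classify_hardening() {
    out=$(cat)
    # Step 2.1: ELF type DYN. Shared libraries are DYN too, so feed executables only.
    if printf '%s\n' "$out" | grep -Eq '^[[:space:]]*Type:[[:space:]]+DYN'; then
        pie=pie
    else
        pie=non-pie
    fi
    # Step 3: a GNU_RELRO segment alone is "partial"; BIND_NOW / NOW makes it "full".
    if ! printf '%s\n' "$out" | grep -q 'GNU_RELRO'; then
        relro=no-relro
    elif printf '%s\n' "$out" | grep -Eq '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW'; then
        relro=full-relro
    else
        relro=partial-relro
    fi
    # Only the two combinations the report asks for count as ok.
    case "$pie $relro" in
        'pie full-relro'|'non-pie partial-relro') verdict=ok ;;
        *) verdict=flagged ;;
    esac
    printf '%s %s %s\n' "$pie" "$relro" "$verdict"
}

# Hypothetical wrapper for a real file: check_binary /path/to/binary
check_binary() { readelf -W -h -l -d "$1" | classify_hardening; }

# Constructed, trimmed readelf output: PIE with lazy binding (the reported state).
sample_pie_lazy() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002d80 0x0000000000003d80 0x0000000000003d80 0x000280 0x000280 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Constructed, trimmed readelf output: PIE linked with -z relro -z now.
sample_pie_now() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002d80 0x0000000000003d80 0x0000000000003d80 0x000280 0x000280 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
EOF
}

sample_pie_lazy | classify_hardening
sample_pie_now  | classify_hardening
```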
*** Bug 1092548 has been marked as a duplicate of this bug. ***
Created attachment 1173765
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.