190228 – Use -z relro flag to link C++ code

Bug 190228 - Use -z relro flag to link C++ code

Summary: Use -z relro flag to link C++ code

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	152373 249650
TreeView+	depends on / blocked

Reported:	2006-04-28 22:02 UTC by Rich Megginson
Modified:	2015-01-04 23:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-03-03 14:48:04 UTC
Embargoed:

Attachments	(Terms of Use)

Description Rich Megginson 2006-04-28 22:02:02 UTC

We don't have much C++ code, but we should use this:

Those maintainers with C++ code which is security relevant (i.e., those programs
which are exposed to network traffic or run SUID/SGID):

please make sure the binaries and DSOs are now built with -Wl,-z,relro on the
command line when linking.  The current FC5 toolchain finally supports moving
the virtual function table into the relro sections. I.e., the function pointers
cannot be overwritten.  vtables are a big vulnerability of C++ code.

-- 
â§ Ulrich Drepper â§ Red Hat, Inc. â§ 444 Castro St â§ Mountain View, CA â

Comment 2 Rich Megginson 2008-02-28 03:47:00 UTC

We don't really set flags like this in our code any more - this is set by the
build system.

Note You need to log in before you can comment on or make changes to this bug.