190228 – Use -z relro flag to link C++ code

Bug 190228 - Use -z relro flag to link C++ code

Summary: Use -z relro flag to link C++ code

Status:	CLOSED WONTFIX
Alias:	None
Product:	389
Classification:	Retired
Component:	Directory Server
Sub Component:	(Show other bugs)
Version:	1.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Rich Megginson
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:	152373 249650
TreeView+	depends on / blocked

Reported:	2006-04-28 22:02 UTC by Rich Megginson
Modified:	2015-01-04 23:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-03-03 14:48:04 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Rich Megginson 2006-04-28 22:02:02 UTC

We don't have much C++ code, but we should use this:

Those maintainers with C++ code which is security relevant (i.e., those programs
which are exposed to network traffic or run SUID/SGID):

please make sure the binaries and DSOs are now built with -Wl,-z,relro on the
command line when linking.  The current FC5 toolchain finally supports moving
the virtual function table into the relro sections. I.e., the function pointers
cannot be overwritten.  vtables are a big vulnerability of C++ code.

-- 
â§ Ulrich Drepper â§ Red Hat, Inc. â§ 444 Castro St â§ Mountain View, CA â

Comment 2 Rich Megginson 2008-02-28 03:47:00 UTC

We don't really set flags like this in our code any more - this is set by the
build system.

Note You need to log in before you can comment on or make changes to this bug.