We don't have much C++ code, but we should use this: Those maintainers with C++ code which is security relevant (i.e., those programs which are exposed to network traffic or run SUID/SGID): please make sure the binaries and DSOs are now built with -Wl,-z,relro on the command line when linking. The current FC5 toolchain finally supports moving the virtual function table into the relro sections. I.e., the function pointers cannot be overwritten. vtables are a big vulnerability of C++ code. -- â§ Ulrich Drepper â§ Red Hat, Inc. â§ 444 Castro St â§ Mountain View, CA â
We don't really set flags like this in our code any more - this is set by the build system.