Bug 190228 - Use -z relro flag to link C++ code
Use -z relro flag to link C++ code
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
Blocks: 152373 249650
  Show dependency treegraph
Reported: 2006-04-28 18:02 EDT by Rich Megginson
Modified: 2015-01-04 18:20 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-03-03 09:48:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2006-04-28 18:02:02 EDT
We don't have much C++ code, but we should use this:

Those maintainers with C++ code which is security relevant (i.e., those programs
which are exposed to network traffic or run SUID/SGID):

please make sure the binaries and DSOs are now built with -Wl,-z,relro on the
command line when linking.  The current FC5 toolchain finally supports moving
the virtual function table into the relro sections. I.e., the function pointers
cannot be overwritten.  vtables are a big vulnerability of C++ code.

➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
Comment 2 Rich Megginson 2008-02-27 22:47:00 EST
We don't really set flags like this in our code any more - this is set by the
build system.

Note You need to log in before you can comment on or make changes to this bug.