Bug 190228 - Use -z relro flag to link C++ code
Summary: Use -z relro flag to link C++ code
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 152373 249650
TreeView+ depends on / blocked
 
Reported: 2006-04-28 22:02 UTC by Rich Megginson
Modified: 2015-01-04 23:20 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-03-03 14:48:04 UTC
Embargoed:


Attachments (Terms of Use)

Description Rich Megginson 2006-04-28 22:02:02 UTC
We don't have much C++ code, but we should use this:

Those maintainers with C++ code which is security relevant (i.e., those programs
which are exposed to network traffic or run SUID/SGID):

please make sure the binaries and DSOs are now built with -Wl,-z,relro on the
command line when linking.  The current FC5 toolchain finally supports moving
the virtual function table into the relro sections. I.e., the function pointers
cannot be overwritten.  vtables are a big vulnerability of C++ code.

-- 
â§ Ulrich Drepper â§ Red Hat, Inc. â§ 444 Castro St â§ Mountain View, CA â

Comment 2 Rich Megginson 2008-02-28 03:47:00 UTC
We don't really set flags like this in our code any more - this is set by the
build system.


Note You need to log in before you can comment on or make changes to this bug.