[Snort-devel] RELRO security in Snort-2.9.x

Victor Roemer viroemer at ...3461...
Tue Mar 15 16:32:42 EDT 2016


Bill,

I don't know of these options; care to point us at some literature?

Does this stuff prevent someone from calling |mprotect| and just making 
the memory writable?

On 3/15/16 16:22, Bill Parker wrote:

> Hi All,
>
>    Does anyone have a take on this:
>
> *-Wl,-z,relro,-z,now*
> RELRO (read-only relocation). The options |relro| & |now| specified 
> together are known as "Full RELRO". You can specify "Partial RELRO" by 
> omitting the |now| flag. RELRO marks various ELF memory sections
> read-only (e.g. the GOT
> <http://stackoverflow.com/questions/9688076/process-linkage-table-and-global-offset-table>).
>
> This is an option to gcc. When I run a checksec.sh script against the
> snort binary, it comes back with Partial RELRO, rather than FULL.
>
> Bill

​