Actions
Feature #1700
closedenable "relro" and "now" in compile options for 3.0
Effort:
Difficulty:
Label:
Description
Hello,
I compile the 3.0 version and wants to compile it with "-z relro -z now", but, even if some options are in the Makefiles I didn't succeed. On my Debian the "hardening check" says always :
------------------------------------------------------------------- Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: no Immediate binding: no --------------------------------------------------------------------
I had to modify the Makefile in "src" adding :
-Wl,-z,relro -Wl,-z,now
at the end of the line :
SECCFLAGS = -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
I get now :
------------------------------------------------------------------- Position Independent Executable: yes Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes -------------------------------------------------------------------
Regards
JP P
Updated by Victor Julien about 8 years ago
- Description updated (diff)
- Target version changed from 3.0.1RC1 to 70
Updated by Victor Julien about 8 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version changed from 70 to 3.0.1RC1
I see that --enable-gccprotect should enable them, but doesn't properly. Working on a fix.
Updated by Victor Julien about 8 years ago
- Status changed from Assigned to Closed
Updated by Victor Julien about 8 years ago
Supplying --enable-gccprotect should lead to a binary that hardening-check is happy with (provided that you also use -O2 which is needed for fortify source).
Actions