RELRO is a generic exploit mitigation technique to harden the data sections of an ELF[109] binary or process. ELF is a common file format for executables and libraries that is used by a variety of UNIX-like systems, including Linux, Solaris, and BSD. RELRO has two different modes:
Compiler command line: gcc -Wl,-z,relro
.
The ELF sections are reordered so that the ELF internal data sections (.got
, .dtors
, etc.) precede the program’s data sections (.data
and .bss
).
Non-PLT GOT is read-only.
PLT-dependent GOT is still writeable.
Compiler command line: gcc -Wl,-z,relro,-z,now
.
Supports all the features of Partial RELRO.
Bonus: The entire GOT is (re)mapped as read-only.
Both Partial and Full RELRO reorder the ELF internal data ...
No credit card required