C.2 RELRO

RELRO is a generic exploit mitigation technique to harden the data sections of an ELF[109] binary or process. ELF is a common file format for executables and libraries that is used by a variety of UNIX-like systems, including Linux, Solaris, and BSD. RELRO has two different modes:

Partial RELRO
  • Compiler command line: gcc -Wl,-z,relro.

  • The ELF sections are reordered so that the ELF internal data sections (.got, .dtors, etc.) precede the program’s data sections (.data and .bss).

  • Non-PLT GOT is read-only.

  • PLT-dependent GOT is still writeable.

Full RELRO
  • Compiler command line: gcc -Wl,-z,relro,-z,now.

  • Supports all the features of Partial RELRO.

  • Bonus: The entire GOT is (re)mapped as read-only.

Both Partial and Full RELRO reorder the ELF internal data ...
