C.2 RELRO
RELRO is a generic exploit mitigation technique to harden the data sections of an ELF[109] binary or process. ELF is a common file format for executables and libraries that is used by a variety of UNIX-like systems, including Linux, Solaris, and BSD. RELRO has two different modes:
- Partial RELRO
Compiler command line:
gcc -Wl,-z,relro.The ELF sections are reordered so that the ELF internal data sections (
.got,.dtors, etc.) precede the program’s data sections (.dataand.bss).Non-PLT GOT is read-only.
PLT-dependent GOT is still writeable.
- Full RELRO
Compiler command line:
gcc -Wl,-z,relro,-z,now.Supports all the features of Partial RELRO.
Bonus: The entire GOT is (re)mapped as read-only.
Both Partial and Full RELRO reorder the ELF internal data ...
Get A Bug Hunter's Diary now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.