C.2 RELRO
RELRO is a generic exploit mitigation technique to harden the data sections of an ELF[109] binary or process. ELF is a common file format for executables and libraries that is used by a variety of UNIX-like systems, including Linux, Solaris, and BSD. RELRO has two different modes:
- Partial RELRO
Compiler command line:
gcc -Wl,-z,relro
.The ELF sections are reordered so that the ELF internal data sections (
.got
,.dtors
, etc.) precede the program’s data sections (.data
and.bss
).Non-PLT GOT is read-only.
PLT-dependent GOT is still writeable.
- Full RELRO
Compiler command line:
gcc -Wl,-z,relro,-z,now
.Supports all the features of Partial RELRO.
Bonus: The entire GOT is (re)mapped as read-only.
Both Partial and Full RELRO reorder the ELF internal data ...
Get A Bug Hunter's Diary now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.