search for: relro

...grams? For example you mention that cross-DSO CFI implementation in Android needed to be updated, could that also be the case on other platforms? - Does this need work in every OS to take advantage of it? For example would this need a ld.so change on Linux? The last time we updated the position of RELRO was in https://reviews.llvm.org/D56828 it will be worth going through the arguments in there to see if there is anything that triggers any thoughts. Peter On Thu, 29 Aug 2019 at 09:22, Rui Ueyama <ruiu at google.com> wrote: > > Hi Vic, > > I'm in favor of this proposal. Savi...

Hey all, TL;DR: Moving RELRO segment to be immediately after read-only segment so that the dynamic linker has the option to merge the two virtual memory areas at run time. This is an RFC for moving RELRO segment. Currently, lld orders ELF sections in the following order: R, RX, RWX, RW, and RW contains RELRO. At run time, aft...

On Thu, Aug 29, 2019 at 3:10 AM Fāng-ruì Sòng <maskray at google.com> wrote: > Hello Vic, > > To make sure I understand the proposal correctly, do you propose: > > Old: R RX RW(RELRO) RW > New: R(R+RELRO) RX RW; R includes the traditional R part and the > RELRO part > Runtime (before relocation resolving): RW RX RW > Runtime (after relocation resolving): R RX RW > I actually see two ways of implementing this, and yes what you mentioned here is one of them:...

On Fri, Aug 30, 2019 at 4:54 AM Fāng-ruì Sòng <maskray at google.com> wrote: > > > Old: R RX RW(RELRO) RW > > > New: R(R+RELRO) RX RW; R includes the traditional R part and the > > > RELRO part > > > Runtime (before relocation resolving): RW RX RW > > > Runtime (after relocation resolving): R RX RW > > > > > I actually see two ways of implemen...

...nbdkit/libnbd/ci-alpine-edge:latest... > Getting image source signatures > Copying blob 88ecf269dec3 done > Copying blob 0ded2f83af0e done > Copying config a3b4bffb18 done > Writing manifest to image destination > Storing signatures > Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied > Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied > Error relocating /usr/lib/libncursesw.so.6: RELRO protection failed: Permission denied > Error relocating /bin/bash: RELRO protection failed: Permission denied I&...

...... > > Getting image source signatures > > Copying blob 88ecf269dec3 done > > Copying blob 0ded2f83af0e done > > Copying config a3b4bffb18 done > > Writing manifest to image destination > > Storing signatures > > Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied > > Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied > > Error relocating /usr/lib/libncursesw.so.6: RELRO protection failed: Permission denied > > Error relocating /bin/bash: RELRO protection failed: Permis...

...r - kexdhs.o r - kexgexs.o r - kexecdhs.o r - kexc25519s.o ranlib libssh.a /usr/bin/gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/usr/contrib//lib -L /usr/lib -L /usr/contrib/lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz /usr/bin/gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o...

Hi, I tried to build glibc-2.7 with llvm-gcc4.2. First problem I hit is that glibc tests for -z relro linker flag support using this command: ${CC-cc} -v --help 2>&1|grep "z relro" This test fails for llvm-gcc since it doesn't output linker's --help. I bypassed this check temporarely by editing configure, but my question is where does this bug belong to? Is it an llvm-gcc...

On 8 June 2018 at 12:09, PGNet Dev <pgnet.dev at gmail.com> wrote: [...] > /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv > /usr/bin/ld: unrecognized option '-Wl,-z,relro' That's a slightly different problem: -Wl is a gcc flag that means "pass the following flag through to the...

...|| ln -s `cd . && pwd`/regress/Makefile `pwd`/regress/Makefile (cd openbsd-compat && make) /usr/bin/gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/usr/contrib//lib -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz /usr/bin/gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session....

...d-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--start-group tests/libtest_qemu_driver.so src/libvirt.so.0.6009.0 -Wl,-export-dynamic -ldl /usr/lib64/libglib-2.0.so /usr/lib64/ libgobject-2.0.so /usr/lib64/libgio-2.0.so /usr/lib64/libgnutls.so /usr/lib64/libnl-3.so /us...

...ing image source signatures >>> Copying blob 88ecf269dec3 done >>> Copying blob 0ded2f83af0e done >>> Copying config a3b4bffb18 done >>> Writing manifest to image destination >>> Storing signatures >>> Error relocating /usr/lib/libreadline.so.8: RELRO protection failed: Permission denied >>> Error relocating /lib/ld-musl-x86_64.so.1: RELRO protection failed: Permission denied >>> Error relocating /usr/lib/libncursesw.so.6: RELRO protection failed: Permission denied >>> Error relocating /bin/bash: RELRO protection faile...

On Wed, 17 Feb 2016, Tom G. Christensen wrote: > On 12/02/16 04:56, Damien Miller wrote: > > Portable OpenSSH is available via Git at > > https://anongit.mindrot.org/openssh.git/ or via a mirror on Github at > > https://github.com/openssh/openssh-portable > > > > I'm seeing a hang in the testsuite on Solaris: > run test transfer.sh ... > transfer data:

...017 at 1:32 PM, Rui Ueyama via llvm-dev < llvm-dev at lists.llvm.org> wrote: > On Wed, May 17, 2017 at 1:11 PM, Petr Hosek <phosek at chromium.org> wrote: > >> The motivation is not only memory savings but also security: >> can-never-be-written is strictly better than RELRO in all cases. The >> biggest win is when .dynamic is the sole reason for having a writable >> segment at all. The distinction is fairly small for exploitability, but not >> negligible. >> > > I'm not even sure if it is strictly better to make .dynamic read-only by...

Hello, I try to cross compile samba for my ARM platform, but I get the following error in the building process: ----------------------------%<---------------------------- PICFLAG = -fPIE LIBS = -lresolv -lnsl -ldl LDFLAGS = -pie -Wl,-z,relro -L/home/piotr/mini2440/usr/local/arm/4.3.2/lib DYNEXP = LDSHFLAGS = shared-libraries-disabled -Wl,-z,relro -L/home/piotr/mini2440/usr/local/arm/4.3.2/lib SHLIBEXT = shared_libraries_disabled SONAMEFLAG = shared-libraries-disabled Linking bin/smbd /home/piotr/mini2440/...

...But it failed with the following error: --------------------------------------------------------- ... ocamlmklib -o mlguestfs \ libguestfsocaml_a-guestfs-c.o libguestfsocaml_a-guestfs-c-actions.o libguestfsocaml_a-guestfs-c-errnos.o ../common/utils/libguestfsocaml_a-utils.o guestfs.cmo \ -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld \ \ -L../lib/.libs -lguestfs \ -L../gnulib/lib/.libs -lgnu Unknown option -Wl,-z,relro Unknown option -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ocamlmklib -o mlguestfs \ libguestfsocaml_a-guestfs-c.o libguestfsocaml_a-guestfs-c-actio...

...-I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/app/builduser/samba-3.5.5/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG = -fPIC LIBS = -lresolv -lnsl -ldl LDFLAGS = -pie -Wl,-z,relro -L/app/utils//lib -Wl,-rpath -Wl,/app/utils//lib -Wl,--as-needed -L/app/subversion/lib -L/app/subversion/lib64 -L/app/utils/lib -L/app/utils/lib64 -L./bin DYNEXP = -Wl,--export-dynamic LDSHFLAGS = -fPIC -shared -Wl,-Bsymbolic -Wl,-z,relro -L/app/utils//lib -Wl,-rpath -Wl,/app/utils...

...12:21, Darren Tucker <dtucker at dtucker.net> wrote: >> On 8 June 2018 at 12:09, PGNet Dev <pgnet.dev at gmail.com> wrote: >> [...] >>> /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz -lcrypt -lresolv >>> /usr/bin/ld: unrecognized option '-Wl,-z,relro' >> >> That's a slightly different problem: -Wl is a gcc flag that means >> "pass...

...> --enable-threads --enable-largefile --with-libtool --enable-shared > --enable-static --with-openssl=/usr --with-gssapi=/usr > --with-dlopen=yes --with-gnu-ld --enable-ipv6 > CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' > LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' > CPPFLAGS='-D_FORTIFY_SOURCE=2' I seem to have a few errors in my syslog. Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named': Permission denied Dec 31 09:35:17 VMDC1 named[24025]: generating session key for dynamic DNS Dec 31 09:35:17 VMDC1 named[240...

Hmm, something wasn't accepted in -Wl flags. clang -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -march=x86-64 -mtune=generic -Wl,-O1,--sort-common,--as-needed,-z,relro,--hash-style=gnu -Wl,--gc-sections -Wl,-plugin-opt,-function-sections -Wl,-plugin-opt,-data-sections CMakeFiles/cmTC_358cb.dir/testCCompiler.c.o -o cmTC_358cb && : /usr/bin/ld: bad -plugin-opt option clang-3.9: error: linker command failed with exit code 1 (use -v to see invoc...