Snort mailing list archives
Re: RELRO security in Snort-2.9.x
From: Victor Roemer <viroemer () cisco com>
Date: Tue, 15 Mar 2016 16:32:42 -0400
Bill, I dont know of these options; care to point us at some literature?Does this stuff prevent someone from calling |mprotect| and just making the memory writable?
On 3/15/16 16:22, Bill Parker wrote:
Hi All, Does anyone have a take on this: *-Wl,-z,relro,-z,now*RELRO (read-only relocation). The options |relro| & |now| specified together are known as "Full RELRO". You can specify "Partial RELRO" by omitting the |now| flag. RELRO marks various ELF memory sections readonly (E.g. the GOT <http://stackoverflow.com/questions/9688076/process-linkage-table-and-global-offset-table>)This is an option to gcc, when I run a checksec.sh script against the snort binary, it comes back with Partial RELRO, rather than FULL.Bill This body part will be downloaded on demand. This body part will be downloaded on demand.
------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- RELRO security in Snort-2.9.x Bill Parker (Mar 15)
- Re: RELRO security in Snort-2.9.x Victor Roemer (Mar 15)