Snort mailing list archives
Re: RELRO security in Snort-2.9.x
From: Shawn <citypw () gmail com>
Date: Sat, 2 Apr 2016 18:52:19 +0800
Hi Victor, On Wed, Mar 16, 2016 at 4:32 AM, Victor Roemer <viroemer () cisco com> wrote:
Bill, I dont know of these options; care to point us at some literature?
Take a look: http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html Beside RELRO, Snort running as an important component of networking system should take care of other major GCC mitigation like NX/PIE/ASLR/CANARY: http://hardenedlinux.org/system-security/2015/06/09/debian-security-chklist.html https://raw.githubusercontent.com/citypw/security-regression-testing-for-suse/master/other/vulns_hardening_assessment.log
Does this stuff prevent someone from calling mprotect and just making the memory writable?
No, RELRO is nothing to do with MPROTECT, which u might think it is a feature from PaX/Grsecurity.
On 3/15/16 16:22, Bill Parker wrote: Hi All, Does anyone have a take on this: -Wl,-z,relro,-z,now RELRO (read-only relocation). The options relro & now specified together are known as "Full RELRO". You can specify "Partial RELRO" by omitting the now flag. RELRO marks various ELF memory sections readÂonly (E.g. the GOT) This is an option to gcc, when I run a checksec.sh script against the snort binary, it comes back with Partial RELRO, rather than FULL. Bill This body part will be downloaded on demand. This body part will be downloaded on demand. ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140 _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
-- GNU powered it... GPL protect it... God blessing it... regards Shawn ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: RELRO security in Snort-2.9.x Shawn (Apr 12)
- Re: RELRO security in Snort-2.9.x Joshua Kinard (Apr 13)