Snort mailing list archives

Re: RELRO security in Snort-2.9.x


From: Victor Roemer <viroemer () cisco com>
Date: Tue, 15 Mar 2016 16:32:42 -0400

Bill,

I don't know of these options; care to point us at some literature?

Does this stuff prevent someone from calling |mprotect| and just making the memory writable?

On 3/15/16 16:22, Bill Parker wrote:

Hi All,

   Does anyone have a take on this:

*-Wl,-z,relro,-z,now*
RELRO (read-only relocation). The options |relro| & |now| specified together are known as "Full RELRO". You can specify "Partial RELRO" by omitting the |now| flag. RELRO marks various ELF memory sections read-only (e.g. the GOT <http://stackoverflow.com/questions/9688076/process-linkage-table-and-global-offset-table>).

This is an option to gcc. When I run a checksec.sh script against the snort binary, it comes back with Partial RELRO, rather than FULL.

Bill


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
