[Lunar-commits] <moonbase> Subject: binutils: Add ELF randomization and page locking (half/full RELRO) - hardening.
Auke Kok
sofar at foo-projects.org
Tue Sep 7 06:31:17 CEST 2010
commit 43ffec7aa04aa1f22552c94f19f4b60935c7c38d
Author: Auke Kok <sofar at foo-projects.org>
Date: Tue Sep 7 06:31:17 2010 +0200
Subject: binutils: Add ELF randomization and page locking (half/full RELRO) - hardening.
---
devel/binutils/plugin.d/optimize-gnu_ld.plugin | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/devel/binutils/plugin.d/optimize-gnu_ld.plugin b/devel/binutils/plugin.d/optimize-gnu_ld.plugin
index 827ac02..c1d904d 100644
--- a/devel/binutils/plugin.d/optimize-gnu_ld.plugin
+++ b/devel/binutils/plugin.d/optimize-gnu_ld.plugin
@@ -30,6 +30,12 @@ plugin_gnu_ld_optimize()
Combreloc)
LDFLAGS="$LDFLAGS -z combreloc"
;;
+ Relro)
+ LDFLAGS="$LDFLAGS -z relro"
+ ;;
+ Now)
+ LDFLAGS="$LDFLAGS -z now"
+ ;;
esac
done
@@ -78,6 +84,8 @@ EOF
"Optimize" "-Wl,-O1" $( echo ${LDF[@]} | grep -qw "Optimize" && echo "on" || echo "off" ) "Optimize hash tables during linking"
"Reduce" "-Wl,--as-needed" $( echo ${LDF[@]} | grep -qw "Reduce" && echo "on" || echo "off" ) "Reduce the amount of linked libraries if possible"
"Combreloc" "-z combreloc" $( echo ${LDF[@]} | grep -qw "Combreloc" && echo "on" || echo "off" ) "Combreloc"
+ "Relro" "-z relro" $( echo ${LDF[@]} | grep -qw "Relro" && echo "on" || echo "off" ) "Randomize ELF segments (security)"
+ "Now" "-z now" $( echo ${LDF[@]} | grep -qw "Now" && echo "on" || echo "off" ) "Make ELF segments R/O at dl load time (slow, security)"
)
RESULT=`$DIALOG --item-help --separate-output --checklist "Select linker optimizations. These options only apply to the link stage of binaries." 0 0 0 "${OPTIONS[@]}"`
if [ $? == 0 ]; then
More information about the Lunar-commits
mailing list