Problem: An attacker could intercept and redirect shared library function calls Fix By: Link with -Wl,--secure-plt Waive If: No shared libraries are used Example: FAIL: writable-got test because the GOT/PLT relocs are writable
This test checks that the instructions to set up the GOT and PLT tables in a dynamic executable cannot be altered by an outside source.
Dynamic executables use two tables to help them connect to shared libraries. These tables - the GOT and the PLT - are set up when the program runs, based upon instructions held in special sections in the file. If these sections are writable then an attacker could change their contents and thus cause the program to call the wrong functions in the shared libraries.
Under normal circumstances this test should never fail. If it does then something unusual is going on. One possible cure is to add the -Wl,--secure-plt option to the final link command line.
If necessary the test can be disabled via the --skip-writable-got option and re-enabled via the --test-writable-got option.