[PATCH 5/7] elf: Enable relro for static build
Florian Weimer
fw@deneb.enyo.de
Mon Dec 2 18:25:00 GMT 2019
* Adhemerval Zanella:
>> Somewhat bizarrely, full RELRO for statically linked binaries
>> requires linking with -z now.
> My understanding it is arch-specific and also depends on how
> bintuils was build. For instance, with my system ld (GNU ld (GNU
> Binutils for Ubuntu) 2.30) seemed to be built with
> DEFAULT_LD_Z_RELRO (set by --enable-relro) which sets relro by
> default. With this binutils I could only disable relro by explicit
> add norelro, the -z {lazy,now} did not change the GNU_RELRO header
> creation.
Whether -z relro gives you full RELRO depends somewhat on the
architecture and what relocations can be eliminated from the static
link. Objects built with -fPIC tend to leave relocations behind,
though, and to protect them, you need -z now.
More information about the Libc-alpha
mailing list