[uClibc] Re: [gentoo-hardened] uclibc and heap randomisation (ET_EXEC)

pageexec at freemail.hu pageexec at freemail.hu
Tue Aug 17 16:25:07 UTC 2004


> What we would need for full hardened support, is RELRO support in ldso

this should not be hard: basically, whenever you're done with
relocations in a library (and the main app on startup), you
should call mprotect(PROT_READ) on the area described by the
PT_GNU_RELRO program header (so you have to parse it and save
the relevant start address/length info).

> and Scrt1.o (PIE support) for non-x86 archs.

this you can take from glibc, on any arch PIEs are supported they
also have the corresponding Scrt1.o generated (they do that by
adding '#ifdef SHARED' or something similar to the crt1 source
and assembling it twice during the build process, once for PIEs
and once for normal executables).




More information about the uClibc mailing list