Closed jelly closed 3 years ago
[jelle@natrium][/tmp/rdrview-git/src/rdrview]%checksec --file=rdrview RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH 360) Symbols Yes 3 9 rdrview
I get this same output with my regular build. What version of gcc are you using? Maybe the defaults have changed.
***@***.***[/tmp/rdrview-git/src/rdrview]%checksec --file=rdrview RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH 360) Symbols Yes 3 9 rdrview
I get this same output with my regular build. What version of gcc are you using? Maybe the defaults have changed.
Interesting, I have GCC 10, but some defaults such as -fstack-protector can be enabled by default in GCC.
I just pushed a patch for this issue. It's not the exact same as your patch, so please let me know if I got something wrong and it doesn't solve your problem. Thanks for the report.
Just tested and it works fine! Thanks!
The Makefile currently does not produce fully hardened binaries as it does not take the system's LDFLAGS or CPPFLAGS or CFLAGS. Which means the binaries aren't fully hardened
With a simple patch:
https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro