-
Bug
-
Resolution: Fixed
-
P3
-
11, 14
-
b25
-
generic
-
linux
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8247198 | 13.0.4 | Matthias Baesken | P3 | Resolved | Fixed | b05 |
JDK-8236621 | 11.0.7 | Matthias Baesken | P3 | Resolved | Fixed | b01 |
relro is recommended as a binary hardening technique.
See
https://wiki.debian.org/Hardening
"During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable."
Currently this link flag is already set for libjvm, however not for other binaries.
See
https://wiki.debian.org/Hardening
"During program load, several ELF memory sections need to be written to by the linker, but can be turned read-only before turning over control to the program. This prevents some GOT (and .dtors) overwrite attacks, but at least the part of the GOT used by the dynamic linker (.got.plt) is still vulnerable."
Currently this link flag is already set for libjvm, however not for other binaries.
- backported by
-
JDK-8236621 set relro in linker flags when building with gcc
- Resolved
-
JDK-8247198 set relro in linker flags when building with gcc
- Resolved