git: a2b289608d6b - main - mitigations.7: briefly explain RELRO
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Oct 2023 20:44:54 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a2b289608d6b54b6e1ce85096560807e551bb5ac commit a2b289608d6b54b6e1ce85096560807e551bb5ac Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-10-06 14:37:55 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-10-06 20:44:07 +0000 mitigations.7: briefly explain RELRO Reviewed by: bcr (earlier), kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D42107 --- share/man/man7/mitigations.7 | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index 8023f094d678..fed16d7b325f 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 5, 2023 +.Dd October 6, 2023 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -50,10 +50,10 @@ Position Independent Executable (PIE) Write XOR Execute page protection policy .It .Dv PROT_MAX -".It -"Read-Only Relocation (RELRO) -.\".It -.\"Bind Now +.It +Relocation Read-Only (RELRO) +.It +Bind Now .\".It .\"Stack Smashing Protection (SSP) .\".It @@ -192,8 +192,25 @@ may be made writable by a future .Xr mprotect call, but may not be made executable. .\" -.\".Ss Read-Only Relocation (RELRO) -.\" +.Ss Relocation Read-Only (RELRO) +Relocation Read-Only (RELRO) is a mitigation tool that makes certain portions +of a program's address space that contain ELF metadata read-only, after +relocation processing by +.Xr rtld 1 . +.Pp +When enabled in isolation the RELRO option provides +.Em partial RELRO +support. +In this case the Procedure Linkage Table (PLT)-related part of the +Global Offset Table (GOT) (in the section typically named .got.plt) remains +writable. +.Pp +RELRO is enabled by default. +The +.Xr src.conf 5 +build-time option +.Va WITHOUT_RELRO +may be used to disable it. .Ss BIND_NOW The .Va WITH_BIND_NOW @@ -205,11 +222,12 @@ The run-time loader .Xr rtld 1 will then perform all relocation processing when the process starts, instead of on demand (on the first access to each symbol). +.Pp When enabled in combination with .Dv RELRO (which is enabled by default) this provides -.Qt full -RELRO, the entire GOT (.got and .got.plt) are made read-only at program startup, +.Em full RELRO . +The entire GOT (.got and .got.plt) are made read-only at program startup, preventing attacks on the relocation table. Note that this results in a nonstandard Application Binary Interface (ABI), and it is possible that some applications may not function correctly.