relocation-read-only-relro.md

description
09/16/2023

👽 Relocation Read-Only (RELRO)

Introduction

Partial RELRO (enabled with -Wl,-z,relro):

  • Maps the .got section as read-only (but not .got.plt)
  • Rearranges sections to reduce the likelihood of global variables overflowing into control structures.

Full RELRO (enabled with -Wl,-z,relro,-z,now):

  • Does the steps of Partial RELRO, plus:
  • Causes the dynamic linker to resolve all symbols at load time (before starting execution) and then remove write permissions from .got.
  • .got.plt is merged into .got with full RELRO, so you won’t see this section name.

Only full RELRO protects against overwriting function pointers in .got.plt. It works by causing the dynamic linker to immediately look up every symbol in the PLT and update the addresses, then mprotect the page so that it is no longer writable.

Attacking RELRO

{% content-ref url="../overwriting-global-offset-table-got.md" %} overwriting-global-offset-table-got.md {% endcontent-ref %}