On Thu, 2015-09-17 at 12:00 +0100, Steve Grubb wrote:
> Also, the full RELRO thing is a bit oversold. You need it if the
> executable is PIE, and that's not needed in the general case. There are
> far worse problems that are easy to fix that are not getting attention.
> With the RELRO thing, you already have to have an exploit that allows
> writing arbitrary memory under attacker control. Most vulnerabilities
> just don't have this quality about them.

Honestly the security benefits are a sideshow to me. Full relro and
eager binding means that C's const keyword actually works. That alone
justifies the effort to me.

> What is more important is preventing common vulnerabilities from
> achieving control over execution with simple heap and stack corruption
> bugs. Hopefully we can start addressing this in F24.

I look forward to your patches.

- ajax