diff options
| author | Isaac Freund <mail@isaacfreund.com> | 2022-06-08 14:33:11 +0200 |
|---|---|---|
| committer | Isaac Freund <mail@isaacfreund.com> | 2022-06-08 14:33:11 +0200 |
| commit | 33817794268b5453794f98ee752403ff44693112 (patch) | |
| tree | 5d869719d15d72fb2e14bfdbe5cf32c46ce091ec /src/codegen/llvm.zig | |
| parent | 61844b6bd405b4cca3ab673284609aa6a651d506 (diff) | |
| download | zig-33817794268b5453794f98ee752403ff44693112.tar.gz zig-33817794268b5453794f98ee752403ff44693112.zip | |
linker: Enable full RELRO by default
Full RELRO is a hardening feature that makes it impossible to perform
certian attacks involving overwriting parts of the Global Offset Table
to invoke arbitrary code.
It requires all symbols to be resolved before execution of the program
starts which may have an impact on startup time. However most if
not all popular Linux distributions enable full RELRO by default for
all binaries and this does not seem to make a noticeable difference
in practice.
"Partial RELRO" is equivalent to `-z relro -z lazy`.
"Full RELRO" is equivalent to `-z relro -z now`.
LLD defaults to `-z relro -z lazy`, which means Zig's current `-z relro`
option has no effect on LLD's behavior.
The changes made by this commit are as follows:
- Document that `-z relro` is the default and add `-z norelro`.
- Pass `-z now` to LLD by default to enable full RELRO by default.
- Add `-z lazy` to disable passing `-z now`.
Diffstat (limited to 'src/codegen/llvm.zig')
0 files changed, 0 insertions, 0 deletions