On 12/17/19 10:11 PM, Thomas Huth wrote: >> +# Detect support for DT_BIND_NOW. >> +if compile_prog "" "-Wl,-z,now" ; then >> + LDFLAGS="-Wl,-z,now $LDFLAGS" >> +fi >> + >> +# Detect support for PT_GNU_RELRO. >> +if compile_prog "" "-Wl,-z,relro" ; then >> + LDFLAGS="-Wl,-z,relro $LDFLAGS" >> +fi > > Looking at > https://mudongliang.github.io/2016/07/11/relro-a-not-so-well-known-memory-corruption-mitigation-technique.html > the idea of specifying these two options together was likely to get > "Full RELRO" instead of only "Partial RELRO".
Sure. > Thus, does it make sense to have "-Wl,-z,now" without "-Wl,-z,relro" in > QEMU? Or should this rather check whether both are possible, then use > both, otherwise just try to use "relro" alone? Honestly, I expect them both to be supported in any binutils. I split the two tests just because they didn't seem to be logically connected. But I had forgotten about, or perhaps never heard, the terms "full" and "partial" relro. I can put them back together with an appropriate comment it you like. One less thing to run during configure... r~
