On 18/12/2019 17.58, Richard Henderson wrote: > On 12/17/19 10:11 PM, Thomas Huth wrote: >>> +# Detect support for DT_BIND_NOW. >>> +if compile_prog "" "-Wl,-z,now" ; then >>> + LDFLAGS="-Wl,-z,now $LDFLAGS" >>> +fi >>> + >>> +# Detect support for PT_GNU_RELRO. >>> +if compile_prog "" "-Wl,-z,relro" ; then >>> + LDFLAGS="-Wl,-z,relro $LDFLAGS" >>> +fi >> >> Looking at >> https://mudongliang.github.io/2016/07/11/relro-a-not-so-well-known-memory-corruption-mitigation-technique.html >> the idea of specifying these two options together was likely to get >> "Full RELRO" instead of only "Partial RELRO". > > Sure. > >> Thus, does it make sense to have "-Wl,-z,now" without "-Wl,-z,relro" in >> QEMU? Or should this rather check whether both are possible, then use >> both, otherwise just try to use "relro" alone? > > Honestly, I expect them both to be supported in any binutils. > > I split the two tests just because they didn't seem to be logically connected. > But I had forgotten about, or perhaps never heard, the terms "full" and > "partial" relro. > > I can put them back together with an appropriate comment it you like. One > less > thing to run during configure...
Yes, please. Thanks, Thomas
