Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security risks #910

Open
KiWiLss opened this issue Apr 2, 2024 · 0 comments
Open

Security risks #910

KiWiLss opened this issue Apr 2, 2024 · 0 comments

Comments

@KiWiLss
Copy link

KiWiLss commented Apr 2, 2024

hello!
We are have vulnerability scanning for our app. It indicates we have security risk since we do not enable the Canary and RELRO when compile this lib. But actually, we only copy and use this lib, that's the reason we are asking your help. :)

For Canary, there is following link for your reference. It is an stack cookie, when the function return, it will check the cookie firstly to ensure the stack is not overwritten (to prevent the return address manipulation in the stack for exploit). The link is for QNX, but the concept and mechanism is similar. It is recommend to enable this check to protect the stack. To open the check fully, with option: -fstack-protector-all
https://www.qnx.com/developers/docs/8.0/com.qnx.doc.security.system/topic/manual/stack_protection.html .

For RELRO, there is following link for your reference. It tries to protect from the lib address manipulation.
https://www.qnx.com/developers/docs/8.0/com.qnx.doc.security.system/topic/manual/developer_relro.html

Would you please help check whether it is possible to enable those two options in the release, then we can get rid of those security warning? Thanks.

The warning message is as follows:
This shared object does not have RELRO enabled.The entire GOT(.got and .got.plt both)are writable. Without this compiler flag, bugger overflows on a global variable can overwrite GOT entries. Use the option -z,relro,-z,now to enable full RELRO and only -z,relro to enable partial RELRO.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant