Security risks #910
Description
hello!
We are have vulnerability scanning for our app. It indicates we have security risk since we do not enable the Canary and RELRO when compile this lib. But actually, we only copy and use this lib, that's the reason we are asking your help. :)
For Canary, there is following link for your reference. It is an stack cookie, when the function return, it will check the cookie firstly to ensure the stack is not overwritten (to prevent the return address manipulation in the stack for exploit). The link is for QNX, but the concept and mechanism is similar. It is recommend to enable this check to protect the stack. To open the check fully, with option: -fstack-protector-all
https://www.qnx.com/developers/docs/8.0/com.qnx.doc.security.system/topic/manual/stack_protection.html .
For RELRO, there is following link for your reference. It tries to protect from the lib address manipulation.
https://www.qnx.com/developers/docs/8.0/com.qnx.doc.security.system/topic/manual/developer_relro.html
Would you please help check whether it is possible to enable those two options in the release, then we can get rid of those security warning? Thanks.
The warning message is as follows:
This shared object does not have RELRO enabled.The entire GOT(.got and .got.plt both)are writable. Without this compiler flag, bugger overflows on a global variable can overwrite GOT entries. Use the option -z,relro,-z,now to enable full RELRO and only -z,relro to enable partial RELRO.