RELRO

Relocation Read-Only

Relocation Read-Only (or RELRO) is a security measure against GOT overwrite.

There are two RELRO "modes": partial and full.

Partial RELRO

Partial RELRO is the default setting in GCC.

Partial RELRO offers little additional protection, aside from ensuring that the Global Offset Table (GOT) is located in memory before the BSS (Block Started by Symbol) section. This eliminates the risk of a buffer overflow on a global variable overwriting GOT entries.

Full RELRO

Full RELRO makes the entire GOT read-only which removes the ability to perform a "GOT overwrite" attack.

Full RELRO is not a default compiler setting as it can greatly increase program startup time since all symbols must be resolved before the program is started. In large programs with thousands of symbols that need to be linked, this could cause a noticable delay in startup time.

PreviousASLR NextInteger overflow

Last updated 2 years ago