The following commit has been merged in the master branch:
commit 5ee616c4765be813eae60e00108f358b20e077ec
Author: Kees Cook <[email protected]>
Date: Wed Dec 28 15:22:55 2011 -0800
dpkg-buildflags(1): clarify the relationship between relro/bindnow
Clarify the documentation about how bindnow will be forced off if relro
is not enabled or available.
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Raphaël Hertzog <[email protected]>
diff --git a/man/dpkg-buildflags.1 b/man/dpkg-buildflags.1
index a018edb..b86ae0d 100644
--- a/man/dpkg-buildflags.1
+++ b/man/dpkg-buildflags.1
@@ -231,7 +231,8 @@ This setting (enabled by default) adds
to \fBLDFLAGS\fP. During program load, several ELF memory sections need
to be written to by the linker. This flags the loader to turn these
sections read-only before turning over control to the program. Most
-notably this prevents GOT overwrite attacks.
+notably this prevents GOT overwrite attacks. If this option is disabled,
+\fBbindnow\fP will become disabled as well.
.
.TP
.B bindnow
@@ -239,7 +240,7 @@ This setting (disabled by default) adds
.B \-Wl,\-z,now
to \fBLDFLAGS\fP. During program load, all dynamic symbols are resolved,
allowing for the entire PLT to be marked read-only (due to \fBrelro\fP
-above).
+above). The option cannot become enabled if \fBrelro\fP is not enabled.
.
.TP
.B pie
--
dpkg's main repository
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
