Public bug reported: Full RELRO is only used when PIE is (i.e., it is not being used for libraries).
Full RELRO has the advantage of making the Global Offset Table (GOT) read-only, which prevents GOT overwrite attacks. This requires resolving all dynamic symbols at program startup, instead of lazily loading addresses. There is some start-up performance cost to this, which we pay for PIE built binaries. See how `-z now` is used in: https://git.launchpad.net/ubuntu/+source/gcc-14/tree/debian/patches/gcc-distro-specs.diff Also, should it be `-Wl,-z,now` instead of `-z now` ? Cheers to @tobhe who identified and diagnosed this. ** Affects: gcc-14 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2078989 Title: Full RELRO dependent on PIE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gcc-14/+bug/2078989/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
