[Oisf-devel] [PATCH] Add relro flags to libhtp
Will Metcalf
william.metcalf at gmail.com
Thu Dec 15 16:23:33 UTC 2011
We will probably handle relo detection/use using the following .m4 file.
Regards,
Will
https://github.com/ironbee/ironbee/blob/master/acinclude/gcc_characteristics.m4
On Thu, Dec 15, 2011 at 10:20 AM, Steve Grubb <sgrubb at redhat.com> wrote:
> On Thursday, December 15, 2011 11:10:23 AM Victor Julien wrote:
>> > The main suricata program can detect and use relro/bind now linker flags.
>> > But the directive is per linked object. This means that while the app
>> > has protection, its code segment containing libhtp does not. The patch
>> > below passes the configure option to libhtp and let's it make use of the
>> > compiler's security protection.
>>
>> Applied, thanks Steve. I'll forward your mail to the upstream libhtp
>> project as well.
>
> They may want to separate the flags because bind now will affect the startup time
> of all programs linked to it. If they do, you may want to separate suricata's
> flag directives so that they can be independently enabled. For suricata, we want
> it on since its looking at malicious packets.
>
> -Steve
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
More information about the Oisf-devel
mailing list