[Oisf-devel] [PATCH] Add relro flags to libhtp
Steve Grubb
sgrubb at redhat.com
Thu Dec 15 16:20:50 UTC 2011
On Thursday, December 15, 2011 11:10:23 AM Victor Julien wrote:
> > The main suricata program can detect and use relro/bind now linker flags.
> > But the directive is per linked object. This means that while the app
> > has protection, its code segment containing libhtp does not. The patch
> > below passes the configure option to libhtp and let's it make use of the
> > compiler's security protection.
>
> Applied, thanks Steve. I'll forward your mail to the upstream libhtp
> project as well.
They may want to separate the flags because bind now will affect the startup time
of all programs linked to it. If they do, you may want to separate suricata's
flag directives so that they can be independently enabled. For suricata, we want
it on since its looking at malicious packets.
-Steve
More information about the Oisf-devel
mailing list