-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: add '-z relro -z now' linker flags #20513
Conversation
These flags could make some sections and the GOT entries of node process read only to avoid being modified after dynamic linking is done, thus the security could be enhanced. Fixes: nodejs#20122
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Labeling semver-major.
CI: https://ci.nodejs.org/job/node-test-pull-request/14662/
citgm: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1395/
@bnoordhuis Thanks for trigger the CI test. |
@tingshao Looks like a flaky test, probably nothing to worry about. citgm looks okay too, insofar as I can decode the results. |
Landed in 2d4dd10 🎉 |
These flags could make some sections and the GOT entries of node process read only to avoid being modified after dynamic linking is done, thus the security could be enhanced. Fixes: #20122 PR-URL: #20513 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
These flags could make some sections and the GOT entries of node
process read only to avoid being modified after dynamic linking is
done, thus the security could be enhanced.
Fixes: #20122
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes