We've hardened Linux builds by enabling PIE and RELRO, and should continue to try hardening Linux builds by enabling BIND_NOW. With both RELRO and BIND_NOW enabled, we can stop all GOT overwrite attacks. The same hardening option has been enabled in official Chrome/Chromium builds for more than five years. This helps to improve the security of a whole range of applications built upon Electron, including sensitive ones such as Signal-Desktop.

Signed-off-by: Tom Li <tomli@tomli.me>
parent
22597474e0
commit
049381c6ac
1 changed files with 2 additions and 0 deletions
|
@ -257,6 +257,8 @@
|
|||
'ldflags': [
|
||||
# Build as Position-Independent Executable to mitigate exploitations.
|
||||
'-pie',
|
||||
# Enable BIND_NOW to prevent GOT overwrite attacks.
|
||||
'-Wl,-z,now',
|
||||
],
|
||||
},
|
||||
'cflags_cc': [
|
||||
|
|
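Review bot: The comment on the added '-Wl,-z,now' line ("Enable BIND_NOW to prevent GOT overwrite attacks.") claims more than the flag delivers on its own. BIND_NOW makes the dynamic linker resolve all symbols at load time; the GOT only becomes read-only afterwards when RELRO is also in effect, which is what the commit message itself relies on ("With both RELRO and BIND_NOW enabled"). The visible 'ldflags' list shows '-pie' and '-Wl,-z,now' but no '-Wl,-z,relro', so please either reword the comment to state the dependency (for example "Enable BIND_NOW so that, together with RELRO, the GOT is read-only after startup") or note where RELRO is set so a later edit does not drop one half of the pair. It would also be worth stating in the commit how the result was verified on a built binary, for instance that readelf -d reports BIND_NOW in FLAGS and NOW in FLAGS_1, and whether the extra load-time symbol resolution had a measurable effect on startup.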