ELF RELRO


[:  :]

Question

How do you verify if a binary is compiled with RELRO? What do all the flags mean?

Answer

The docs and online discussions about this are super confusing. The whole point of doing RELRO is to set RTLD_NOW when the linker calls dlopen in some way. This tells the linker to resolve everything before execution (this actually happens before dlopen returns) and map the area the GOT is in as read-only.

This can be done in a few ways:

Since these are linker instructions, there’s nothing stopping a linker from either not supporting something, or ignoring the tag all together.

The best way to verify is to run the binary on the target system and check the memory permissions for the area that the GOT is in. If it’s marked read only, then it was a success.

Trusting tools like readelf or checksec can lead to a false sense of security, as they can be easily manipulated via malicious crafted ELFs, or with linker/compiler/runtime bugs that can lead to weird outcomes.


Tags
ELF · Linux