CME-112

RELRO and PIE (Full)

Description

Compiler/linker hardening that makes the Global Offset Table read-only after relocation (Full RELRO) and builds position-independent executables (PIE), working with ASLR to randomize all code sections.

CVSS Vector Impacts

| Metric | Transition | Rationale |
| --- | --- | --- |
| Attack Complexity (AC) | L → H | GOT overwrite attacks blocked; all code addresses randomized |

CWE Relationships

Verification

Check binary for Full RELRO and PIE

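$ readelf -l /usr/bin/ls | grep GNU_RELRO
# Expected: GNU_RELRO (segment present; on its own this also matches Partial RELRO)
Platform: linux
$ readelf -d /usr/bin/ls | grep -E 'BIND_NOW|FLAGS'
# Expected: BIND_NOW in FLAGS, or NOW in FLAGS_1 (eager binding, required for Full RELRO)
Platform: linux
$ file /usr/bin/ls | grep -E 'pie executable|shared object'
# Expected: pie executable (shared object on older versions of file)
Platform: linux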
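
The checks above can be combined into one classifier that separates Partial from Full RELRO and a PIE from an ordinary shared object. This is an added example, not part of the original entry; the function name `classify_hardening` and the sample readelf text are constructed for illustration.

```shell
# Added example (not from the original page): classify RELRO and PIE from
# the text printed by `readelf -W -h -l -d <binary>`, read on stdin.
classify_hardening() (
    out=$(cat)
    relro=none
    pie=no
    # A PT_GNU_RELRO segment alone only proves Partial RELRO.
    if printf '%s\n' "$out" | grep -q 'GNU_RELRO'; then
        relro=partial
        # Full RELRO also needs eager binding: DT_BIND_NOW, DF_BIND_NOW in
        # FLAGS, or DF_1_NOW in FLAGS_1, so the whole GOT can be read-only.
        if printf '%s\n' "$out" | grep -Eq 'BIND_NOW|\(FLAGS_1\).* NOW( |$)'; then
            relro=full
        fi
    fi
    # ET_DYN covers both PIE and shared libraries; DF_1_PIE tells them apart.
    if printf '%s\n' "$out" | grep -Eq 'Type:[[:space:]]+DYN'; then
        pie=dyn
        if printf '%s\n' "$out" | grep -Eq '\(FLAGS_1\).* PIE( |$)'; then
            pie=yes
        fi
    fi
    echo "$relro $pie"
)

# Constructed sample input (abridged readelf output, not from a real binary).
SAMPLE_FULL_PIE='  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x020f30 0x0000000000021f30 0x0000000000021f30 0x0010d0 0x0010d0 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'

SAMPLE_PARTIAL_NOPIE='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x000e10 0x0000000000600e10 0x0000000000600e10 0x0001f0 0x0001f0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

printf '%s\n' "$SAMPLE_FULL_PIE" | classify_hardening       # full yes
printf '%s\n' "$SAMPLE_PARTIAL_NOPIE" | classify_hardening  # partial no
```

On a real system, feed it `readelf -W -h -l -d /usr/bin/ls`. A result of `dyn` means the file is ET_DYN without the DF_1_PIE flag, which is either a shared library or a PIE produced by a linker that does not set that flag.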