author: Daniel Stenberg <daniel@haxx.se> 2016-10-08 12:17:26 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2016-10-08 12:17:26 +0200
commit: f74baaf3b3c8a4297d40322bf0ea9a6e136a3a73 (patch)
tree: 6ba6baf96e0a200c23e45ef378c56b49ba94bb30 /docs/TODO
parent: e11da9f4b7e0404790b85bccaac2c2b334c4ca26 (diff)
TODO: build: Enable PIE and RELRO by default
Diffstat (limited to 'docs/TODO'):
-rw-r--r-- docs/TODO | 14
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/TODO b/docs/TODO
index 7d454171d..68b6c2094 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -154,6 +154,7 @@
19. Build
19.1 roffit
+ 19.2 Enable PIE and RELRO by default
20. Test suite
20.1 SSL tunnel
@@ -1014,6 +1015,19 @@ that doesn't exist on the server, just like --ftp-create-dirs.
Consider extending 'roffit' to produce decent ASCII output, and use that
instead of (g)nroff when building src/tool_hugehelp.c
+19.2 Enable PIE and RELRO by default
+
+ Especially when having programs that execute cURL via the command line, PIE
+ renders the exploitation of memory corruption vulnerabilities a lot more
+ difficult. This can be attributed to the additional information leaks being
+ required to conduct a successful attack. RELRO, on the other hand, masks
+ different binary sections like the GOT as read-only and thus kills a handful
+ of techniques that come in handy when attackers are able to arbitrarily
+ overwrite memory. A few tests showed that enabling these features had close
+ to no impact, neither on the performance nor on the general functionality of
+ cURL.
+
+
20. Test suite
20.1 SSL tunnel
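Review bot: The new 19.2 text describes the benefit of PIE and RELRO but never names the mechanism a maintainer would have to wire into the build, so the TODO item is hard to act on; the paragraph starting "Especially when having programs that execute cURL" should say which compiler and linker flags are meant (position-independent executables via -fPIE/-pie, and the relocation read-only linker option -z relro, optionally with -z now) and that the build system needs to probe for them, since not every toolchain accepts them. The claim "RELRO ... masks different binary sections like the GOT as read-only" deserves a caveat: only full RELRO (-z relro together with -z now, i.e. eager binding) makes the GOT entirely read-only; partial RELRO leaves the lazily bound PLT GOT writable, so the item should state which variant is intended. "A few tests showed that enabling these features had close to no impact" is vague for a TODO that other contributors will pick up; naming the platform and workload those tests covered (or dropping the sentence until measurements can be referenced) would help. Finally, the two trailing added blank lines before "20. Test suite" leave a double gap where the rest of the file separates items with one blank line; drop one of them.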