From 5430ccace8c8a054eeac644d45067cafa84eff6c Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Apr 25 2019 20:09:56 +0000
Subject: F30 Change: Build non-RELRO ELF binaries with .plt.got isolation


For https://pagure.io/fedora-docs/release-notes/issue/189.

---

diff --git a/modules/release-notes/pages/sysadmin/Distribution.adoc b/modules/release-notes/pages/sysadmin/Distribution.adoc
index 4a6485e..6493236 100644
--- a/modules/release-notes/pages/sysadmin/Distribution.adoc
+++ b/modules/release-notes/pages/sysadmin/Distribution.adoc
@@ -24,3 +24,10 @@ The link flags used for Fedora packages have been updated to skip
 libraries which are not used by the executable. This removes the
 dependencies on those librararies from various packages, making
 their installation slightly more efficient.
+
+== Binaries provided by the distribution have additional hardening
+
+The link flags used for Fedora packages have been updated to make the
+array of function pointers which is used to implement dynamic linking
+(the GOT) read-only at runtime. This makes it harder for exploit
+writers to overwrite these function pointers and redirect execution.