Reducing write access even more: The .rodata segment


Readonly strings and pointers were stored in the .text segment
Gave them PROT_READ | PROT_EXEC

Meaning const data could be executed (could be code an attacker could use)

But this is ELF, not a.out... so create a new segment called .rodata

These objects are now PROT_READ; they lose PROT_EXEC

Basically this is all part of ensuring objects in the address space have the minimal set of permissions
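An added illustration, not from the original slides: the two layouts described above as reduced segment tables, with a lookup showing what permissions a const object ends up with in each. The struct, function names, addresses and sizes are constructed for the example; only the permission bit values match ELF's PF_X/PF_W/PF_R.

```c
#include <stdint.h>
#include <stdio.h>

/* Permission bits, same values as ELF PF_X / PF_W / PF_R. */
enum { P_X = 0x1, P_W = 0x2, P_R = 0x4 };

/* Reduced stand-in for a PT_LOAD program header (hypothetical type). */
struct load_seg { const char *holds; uint64_t vaddr, memsz; uint32_t flags; };

/* Constructed layout: const data shares the text segment, so it is R+X. */
static const struct load_seg layout_old[] = {
    { ".text .rodata", 0x1000, 0x3000, P_R | P_X },
    { ".data .bss",    0x5000, 0x1000, P_R | P_W },
};

/* Constructed layout: const data moved to its own read-only segment. */
static const struct load_seg layout_new[] = {
    { ".text",      0x1000, 0x2000, P_R | P_X },
    { ".rodata",    0x3000, 0x1000, P_R },
    { ".data .bss", 0x5000, 0x1000, P_R | P_W },
};

/* Return the flags of the segment covering addr, or 0 if unmapped. */
static uint32_t perms_at(const struct load_seg *segs, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= segs[i].vaddr && addr - segs[i].vaddr < segs[i].memsz)
            return segs[i].flags;
    return 0;
}

/* 1 if the bytes of a const object at addr could be fetched as code. */
static int const_data_executable(const struct load_seg *segs, size_t n,
                                 uint64_t addr)
{
    return (perms_at(segs, n, addr) & P_X) != 0;
}

int main(void)
{
    const uint64_t const_str = 0x3400; /* constructed address of a string */
    printf("old layout: const data executable = %d\n",
           const_data_executable(layout_old, 2, const_str));
    printf("new layout: const data executable = %d\n",
           const_data_executable(layout_new, 3, const_str));
    return 0;
}
```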