$AUUGid: www/data/events/2004/auug2004/theo/mgp00024.txt,v 1.1 2004/09/04 08:42:52 davidp Exp $ Reducing write access even more: The .rodata segment Readonly strings and pointers were stored in the .text segment Gave them PROT_READ | PROT_EXEC Meaning const data could be executed (could be code an attacker could use) But this is ELF, not a.out... so create a new segment called .rodata These objects are now PROT_READ; they lose PROT_EXEC Basically this is all part of ensuring objects in the address space have the minimal set of permissions