What else can be used instead of readelf to find the security implementation details in Linux system


It is unclear what you mean by „assessing the security feature“ or „find the security implementation details“.

For dynamically-linked libraries, executing objdump with the -R flag outputs most of the information that readelf -r would. You could also try executing objdump with the -r flag.

readelf -r displays the information in an ELF binary’s .rela.plt and (if present) .rela.dyn sections:



Displays the contents of the file’s relocation section, if it has one.

For objdump:



Print the relocation entries of the file. If used with -d or -D, the relocations are printed interspersed with the disassembly.



Print the dynamic relocation entries of the file. This is only meaningful for dynamic objects, such as certain types of shared libraries. As for -r, if used with -d or -D, the relocations are printed interspersed with the disassembly.

The information in these sections pertains to symbol resolution:

Relocation is the process of connecting symbolic references with symbolic definitions. For example, when a program calls a function, the associated call instruction must transfer control to the proper destination address at execution. Relocatable files must have information that describes how to modify their section contents. This information allows executable and shared object files to hold the right information for a process’s program image. Relocation entries are these data.

Unfortunately, you don’t share any information about the binary being analyzed, but there is a good chance that most of the memory addresses (offsets) of symbolic definitions reside in the Global Offset Table.

What this has to do with „security features“ is not clear to me.

Kommentieren Sie den Artikel

Please enter your comment!
Please enter your name here