| Message ID | 20230629184156.2789945-4-siddhesh@sourceware.org |
|---|---|
| State | New |
| Headers | show |
| Series | Update default build configuration | expand |
On Fri, 30 Jun 2023 at 06:42, Siddhesh Poyarekar via Libc-alpha < libc-alpha@sourceware.org> wrote: > Lazy binding is a key security feature and is enabled by all major > distributions by default. This seems backwards. "Lazy binding prevents some key security features and is disabled by all major distributions by default"? Or something like that? Cheers, mwh > Default to this more secure option and flip > the flag to allow disabling it if needed. > > Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> > --- > INSTALL | 10 +++++----- > NEWS | 3 +++ > configure | 4 ++-- > configure.ac | 6 +++--- > manual/install.texi | 9 ++++----- > 5 files changed, 17 insertions(+), 15 deletions(-) > > diff --git a/INSTALL b/INSTALL > index f02358e933..88ffe7748f 100644 > --- a/INSTALL > +++ b/INSTALL > @@ -205,11 +205,11 @@ if ‘CFLAGS’ is specified it must enable > optimization. For example: > of routines called directly from assembler are excluded from this > protection. This option is enabled by default and set to ‘strong’. > > -‘--enable-bind-now’ > - Disable lazy binding for installed shared objects and programs. > - This provides additional security hardening because it enables full > - RELRO and a read-only global offset table (GOT), at the cost of > - slightly increased program load times. > +‘--disable-bind-now’ > + Enable lazy binding for installed shared objects and programs. > + Lazy binding may improve program load times but it will disable > + security hardening that enables full RELRO and a read-only global > + offset table (GOT). > > ‘--enable-pt_chown’ > The file ‘pt_chown’ is a helper binary for ‘grantpt’ (*note > diff --git a/NEWS b/NEWS > index 47ec0b741c..264fad5d86 100644 > --- a/NEWS > +++ b/NEWS > @@ -52,6 +52,9 @@ Major new features: > default. This may be overridden by using the --enable-stack-protector > configure option. > > +* Lazy binding is now disabled by default and can be overridden with the > + --disable-bind-now configure flag. > + > Deprecated and removed features, and other changes affecting > compatibility: > > * In the Linux kernel for the hppa/parisc architecture some of the > diff --git a/configure b/configure > index 863621cabf..6d4b05df18 100755 > --- a/configure > +++ b/configure > @@ -1462,7 +1462,7 @@ Optional Features: > hardcode newly built glibc path in tests > [default=no] > --disable-hidden-plt do not hide internal function calls to avoid PLT > - --enable-bind-now disable lazy relocations in DSOs > + --disable-bind-now enable lazy relocations in DSOs > --enable-stack-protector=[yes|no|all|strong] > Use -fstack-protector[-all|-strong] to detect > glibc > buffer overflows > @@ -4448,7 +4448,7 @@ if test ${enable_bind_now+y} > then : > enableval=$enable_bind_now; bindnow=$enableval > else $as_nop > - bindnow=no > + bindnow=yes > fi > > > diff --git a/configure.ac b/configure.ac > index d85452b3b3..6fc72df700 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -213,10 +213,10 @@ if test "x$hidden" = xno; then > fi > > AC_ARG_ENABLE([bind-now], > - AS_HELP_STRING([--enable-bind-now], > - [disable lazy relocations in DSOs]), > + AS_HELP_STRING([--disable-bind-now], > + [enable lazy relocations in DSOs]), > [bindnow=$enableval], > - [bindnow=no]) > + [bindnow=yes]) > AC_SUBST(bindnow) > if test "x$bindnow" = xyes; then > AC_DEFINE(BIND_NOW) > diff --git a/manual/install.texi b/manual/install.texi > index b1aa5eb60c..ae43dc51ac 100644 > --- a/manual/install.texi > +++ b/manual/install.texi > @@ -231,11 +231,10 @@ options to detect stack overruns. Only the dynamic > linker and a small > number of routines called directly from assembler are excluded from this > protection. This option is enabled by default and set to @option{strong}. > > -@item --enable-bind-now > -Disable lazy binding for installed shared objects and programs. This > -provides additional security hardening because it enables full RELRO > -and a read-only global offset table (GOT), at the cost of slightly > -increased program load times. > +@item --disable-bind-now > +Enable lazy binding for installed shared objects and programs. Lazy > binding > +may improve program load times but it will disable security hardening that > +enables full RELRO and a read-only global offset table (GOT). > > @pindex pt_chown > @findex grantpt > -- > 2.41.0 > >
On 2023-06-29 17:54, Michael Hudson-Doyle wrote: > On Fri, 30 Jun 2023 at 06:42, Siddhesh Poyarekar via Libc-alpha > <libc-alpha@sourceware.org <mailto:libc-alpha@sourceware.org>> wrote: > > Lazy binding is a key security feature and is enabled by all major > distributions by default. > > > This seems backwards. "Lazy binding prevents some key security features > and is disabled by all major distributions by default"? Or > something like that? Yeah I got the git commit description wrong; I meant to write "bind-now is a key security feature", but I like your version better. Thanks, fixed my commit log. Sid
diff --git a/INSTALL b/INSTALL index f02358e933..88ffe7748f 100644 --- a/INSTALL +++ b/INSTALL @@ -205,11 +205,11 @@ if ‘CFLAGS’ is specified it must enable optimization. For example: of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to ‘strong’. -‘--enable-bind-now’ - Disable lazy binding for installed shared objects and programs. - This provides additional security hardening because it enables full - RELRO and a read-only global offset table (GOT), at the cost of - slightly increased program load times. +‘--disable-bind-now’ + Enable lazy binding for installed shared objects and programs. + Lazy binding may improve program load times but it will disable + security hardening that enables full RELRO and a read-only global + offset table (GOT). ‘--enable-pt_chown’ The file ‘pt_chown’ is a helper binary for ‘grantpt’ (*note diff --git a/NEWS b/NEWS index 47ec0b741c..264fad5d86 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,9 @@ Major new features: default. This may be overridden by using the --enable-stack-protector configure option. +* Lazy binding is now disabled by default and can be overridden with the + --disable-bind-now configure flag. + Deprecated and removed features, and other changes affecting compatibility: * In the Linux kernel for the hppa/parisc architecture some of the diff --git a/configure b/configure index 863621cabf..6d4b05df18 100755 --- a/configure +++ b/configure @@ -1462,7 +1462,7 @@ Optional Features: hardcode newly built glibc path in tests [default=no] --disable-hidden-plt do not hide internal function calls to avoid PLT - --enable-bind-now disable lazy relocations in DSOs + --disable-bind-now enable lazy relocations in DSOs --enable-stack-protector=[yes|no|all|strong] Use -fstack-protector[-all|-strong] to detect glibc buffer overflows @@ -4448,7 +4448,7 @@ if test ${enable_bind_now+y} then : enableval=$enable_bind_now; bindnow=$enableval else $as_nop - bindnow=no + bindnow=yes fi diff --git a/configure.ac b/configure.ac index d85452b3b3..6fc72df700 100644 --- a/configure.ac +++ b/configure.ac @@ -213,10 +213,10 @@ if test "x$hidden" = xno; then fi AC_ARG_ENABLE([bind-now], - AS_HELP_STRING([--enable-bind-now], - [disable lazy relocations in DSOs]), + AS_HELP_STRING([--disable-bind-now], + [enable lazy relocations in DSOs]), [bindnow=$enableval], - [bindnow=no]) + [bindnow=yes]) AC_SUBST(bindnow) if test "x$bindnow" = xyes; then AC_DEFINE(BIND_NOW) diff --git a/manual/install.texi b/manual/install.texi index b1aa5eb60c..ae43dc51ac 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -231,11 +231,10 @@ options to detect stack overruns. Only the dynamic linker and a small number of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to @option{strong}. -@item --enable-bind-now -Disable lazy binding for installed shared objects and programs. This -provides additional security hardening because it enables full RELRO -and a read-only global offset table (GOT), at the cost of slightly -increased program load times. +@item --disable-bind-now +Enable lazy binding for installed shared objects and programs. Lazy binding +may improve program load times but it will disable security hardening that +enables full RELRO and a read-only global offset table (GOT). @pindex pt_chown @findex grantpt
Lazy binding is a key security feature and is enabled by all major distributions by default. Default to this more secure option and flip the flag to allow disabling it if needed. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> --- INSTALL | 10 +++++----- NEWS | 3 +++ configure | 4 ++-- configure.ac | 6 +++--- manual/install.texi | 9 ++++----- 5 files changed, 17 insertions(+), 15 deletions(-)