From patchwork Thu Jun 29 18:41:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 1801591 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=cbo/kC6k; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QsS4573MRz20Zc for ; Fri, 30 Jun 2023 04:42:29 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4D4E53857720 for ; Thu, 29 Jun 2023 18:42:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4D4E53857720 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1688064147; bh=uhsXR5bNp63+HfbJ5BTfmkkIOfl5lz+PUBLS5ZJCAyA=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=cbo/kC6kHivPlU/ce7hX9YnJ1bN8gey8c7Fj6zTiC2Yc4A4ux+lGXbeNWoPLSSoz/ IzpJGaReUnBTDqMrYr96z4p1NR97xONba3u+DzQqWMXAaAXuiqRbqHtT3FnjgA7bwl lKZcOH44fqikAgaJMrX58QpSkcbT3n/FWttxvg/4= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from black.elm.relay.mailchannels.net (black.elm.relay.mailchannels.net [23.83.212.19]) by sourceware.org (Postfix) with ESMTPS id 50DF2385840D for ; Thu, 29 Jun 2023 18:42:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 50DF2385840D X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 9BD8B5C132A; Thu, 29 Jun 2023 18:42:06 +0000 (UTC) Received: from pdx1-sub0-mail-a286.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 1F5585C161C for ; Thu, 29 Jun 2023 18:42:06 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1688064126; a=rsa-sha256; cv=none; b=Ws/c/RohEe/2RO7EhU6sEvrUZUEIwOgUVu5mqxTmj67G3eVqUQDMDbbjo1Doe2nwepkf+V /8Moc5JZ0aWi/Gl1a0TNp6Rj+Laxzh3enroGvtmx6Qs0uLVW2z9byRTDSlGaYs4ZNKH/GW 0RNByVlXUBn/U/e1cZztJzI03L1tgNFKUmB/NOmTolMSPfu2Wca5ZKE/jCXLMCEEReBcK9 2qqqSGB8Z3vxyg4pXvqxPyxO6SYWqSJ/lifKDEr8CSbw1xmTqywC4/dKxYsG7wcF3WPzNh LfETzEckZY8PnkshJCLETSDETgZfylpo3ZnQegT9mpntn1Lhx1b2OYJSq3/fcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1688064126; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uhsXR5bNp63+HfbJ5BTfmkkIOfl5lz+PUBLS5ZJCAyA=; b=Ok+Rw+5cR3LuXjO/Mj9J3pM+wi82cT8+S5EcPV4mEkwkSJomM/NmqdPj1XlkltfSguIUcB SZ1C1MWwg2K+MjsL1F+aJV4hu77FOhlBRtowqdgrjBAyfp2M6IFZdGdX4iZ+mNMWQSJb/g W4M5/sDytpUVd1PRq1dZpkAJ4L/cgjoPxuIGiNWPExcJxSV1caIHAQfTTSaRYr9TRYXpHZ w+TE4NjGQ30RVaesaa3y2+annn+ipQey92aeQsPZbmKtbDS3hUUY9zoWJfX5wcuUrgxrB5 cX/K54vlNFoccGKcBhGB2kPltcxere33frm3D1HJLYH/Goq5/Ctk0AclTpr/JA== ARC-Authentication-Results: i=1; rspamd-9fcc56855-wpjxr; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MC-Copy: stored-urls X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Scare-Arch: 27d936265cf1a804_1688064126355_1264608382 X-MC-Loop-Signature: 1688064126355:1130238540 X-MC-Ingress-Time: 1688064126355 Received: from pdx1-sub0-mail-a286.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.126.30.17 (trex/6.9.1); Thu, 29 Jun 2023 18:42:06 +0000 Received: from fedora.redhat.com (bras-vprn-toroon4834w-lp130-09-174-91-45-44.dsl.bell.ca [174.91.45.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a286.dreamhost.com (Postfix) with ESMTPSA id 4QsS3d52Fqz2D for ; Thu, 29 Jun 2023 11:42:05 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH 3/4] Disable lazy binding by default Date: Thu, 29 Jun 2023 14:41:46 -0400 Message-ID: <20230629184156.2789945-4-siddhesh@sourceware.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230629184156.2789945-1-siddhesh@sourceware.org> References: <20230629184156.2789945-1-siddhesh@sourceware.org> MIME-Version: 1.0 X-Spam-Status: No, score=-1172.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_SOFTFAIL, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org Sender: "Libc-alpha" Lazy binding is a key security feature and is enabled by all major distributions by default. Default to this more secure option and flip the flag to allow disabling it if needed. Signed-off-by: Siddhesh Poyarekar --- INSTALL | 10 +++++----- NEWS | 3 +++ configure | 4 ++-- configure.ac | 6 +++--- manual/install.texi | 9 ++++----- 5 files changed, 17 insertions(+), 15 deletions(-) diff --git a/INSTALL b/INSTALL index f02358e933..88ffe7748f 100644 --- a/INSTALL +++ b/INSTALL @@ -205,11 +205,11 @@ if ‘CFLAGS’ is specified it must enable optimization. For example: of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to ‘strong’. -‘--enable-bind-now’ - Disable lazy binding for installed shared objects and programs. - This provides additional security hardening because it enables full - RELRO and a read-only global offset table (GOT), at the cost of - slightly increased program load times. +‘--disable-bind-now’ + Enable lazy binding for installed shared objects and programs. + Lazy binding may improve program load times but it will disable + security hardening that enables full RELRO and a read-only global + offset table (GOT). ‘--enable-pt_chown’ The file ‘pt_chown’ is a helper binary for ‘grantpt’ (*note diff --git a/NEWS b/NEWS index 47ec0b741c..264fad5d86 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,9 @@ Major new features: default. This may be overridden by using the --enable-stack-protector configure option. +* Lazy binding is now disabled by default and can be overridden with the + --disable-bind-now configure flag. + Deprecated and removed features, and other changes affecting compatibility: * In the Linux kernel for the hppa/parisc architecture some of the diff --git a/configure b/configure index 863621cabf..6d4b05df18 100755 --- a/configure +++ b/configure @@ -1462,7 +1462,7 @@ Optional Features: hardcode newly built glibc path in tests [default=no] --disable-hidden-plt do not hide internal function calls to avoid PLT - --enable-bind-now disable lazy relocations in DSOs + --disable-bind-now enable lazy relocations in DSOs --enable-stack-protector=[yes|no|all|strong] Use -fstack-protector[-all|-strong] to detect glibc buffer overflows @@ -4448,7 +4448,7 @@ if test ${enable_bind_now+y} then : enableval=$enable_bind_now; bindnow=$enableval else $as_nop - bindnow=no + bindnow=yes fi diff --git a/configure.ac b/configure.ac index d85452b3b3..6fc72df700 100644 --- a/configure.ac +++ b/configure.ac @@ -213,10 +213,10 @@ if test "x$hidden" = xno; then fi AC_ARG_ENABLE([bind-now], - AS_HELP_STRING([--enable-bind-now], - [disable lazy relocations in DSOs]), + AS_HELP_STRING([--disable-bind-now], + [enable lazy relocations in DSOs]), [bindnow=$enableval], - [bindnow=no]) + [bindnow=yes]) AC_SUBST(bindnow) if test "x$bindnow" = xyes; then AC_DEFINE(BIND_NOW) diff --git a/manual/install.texi b/manual/install.texi index b1aa5eb60c..ae43dc51ac 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -231,11 +231,10 @@ options to detect stack overruns. Only the dynamic linker and a small number of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to @option{strong}. -@item --enable-bind-now -Disable lazy binding for installed shared objects and programs. This -provides additional security hardening because it enables full RELRO -and a read-only global offset table (GOT), at the cost of slightly -increased program load times. +@item --disable-bind-now +Enable lazy binding for installed shared objects and programs. Lazy binding +may improve program load times but it will disable security hardening that +enables full RELRO and a read-only global offset table (GOT). @pindex pt_chown @findex grantpt