From patchwork Fri Jun 30 01:42:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Siddhesh Poyarekar X-Patchwork-Id: 71864 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 0A8653857716 for ; Fri, 30 Jun 2023 01:44:06 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0A8653857716 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1688089446; bh=N3/ousy8GbhYLDE3iSuCHhfmZUqRj+A5PEt2VtS+ybo=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=Gv11aq/JNJ6gW+YqH83Jtrv7n1JJuxjMB+n98QBaDjHcHYjsPJ6y81yOi7PVyT3r3 UyKQCKYk7wed1ETGtmLND671AuqdEvp8HP1PeyJ7HjM80NMWMUo+oefkUfbqT6MXZs 4ll1/RwATnwJINr9LmCCx0rSsPnYBbdBwZPDZfvI= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from insect.birch.relay.mailchannels.net (insect.birch.relay.mailchannels.net [23.83.209.93]) by sourceware.org (Postfix) with ESMTPS id 402483858CD1 for ; Fri, 30 Jun 2023 01:42:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 402483858CD1 X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 9EDC7920DBF; Fri, 30 Jun 2023 01:42:54 +0000 (UTC) Received: from pdx1-sub0-mail-a286.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 0166B920DE5 for ; Fri, 30 Jun 2023 01:42:53 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1688089374; a=rsa-sha256; cv=none; b=Y3oh8+Z1ZYxe1Comq3FX2j+Lr3yh/mbTdagRU8C2jvWz9aJ1XpURH1aA/oX3yEh8BPL1If ZE1K8TrKOuwGyCqwU8SC2tY68twrSx8Ef3TlqtG9+y7HepwulRR9H9H4H6KCe6bz+eb9oC 6SqQ+r9QmqYHosEHOtJqvVawnCcaPM/yYVkIdBl8ueutpZeiuUaka57oLVM9jsewKAZIwz gZI0qTZMD2ChAl5h4jHiBggXdLap66pBOJR/HSDKSZBCJs1X7FQkxixXBC9sz4RGVWJYGS g8QW6rX8WueyUStsE35+8L006NRGQVuyUYLNfEfptwh87cUzcqGBGgNRgncHDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1688089374; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=N3/ousy8GbhYLDE3iSuCHhfmZUqRj+A5PEt2VtS+ybo=; b=FMOJj0U6XTrvO1FvG/bwjvXJWRVZuNCut7hmO29IiJ9MoJgjDXKNZ2iOf/NE9xoCdcA+w6 e3lFsYkvkFKUTJMrhZer8d1sbisI2HCm3T6+bm7/C1b/xmeNlfms7+xs57Njd/T8CPzRS1 cmK9IatGBoIfVwluZ3hJvLWAtjchlEgsQLbJeNKOWSViNyv6MQnMjCvZ0p9kSlukBVKw61 grnkk3cT8LknxjyGCKwpaQKnrKkHx0BhaqSeU4jKp0OU+layK9Y2wqgFWmuvEtEK9/z5Iz bfsXZMndu6yH9pP3+GN+IolOi4o83hpFafgkvpWTzewMFrlZwPpwBVbAcwUOxA== ARC-Authentication-Results: i=1; rspamd-85899d6fcc-ft6zz; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@sourceware.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MC-Copy: stored-urls X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Tart-Trade: 6d6fdf2e3a1d7467_1688089374252_3735940927 X-MC-Loop-Signature: 1688089374252:3520049616 X-MC-Ingress-Time: 1688089374251 Received: from pdx1-sub0-mail-a286.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.104.253.208 (trex/6.9.1); Fri, 30 Jun 2023 01:42:54 +0000 Received: from fedora.redhat.com (bras-vprn-toroon4834w-lp130-09-174-91-45-44.dsl.bell.ca [174.91.45.44]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a286.dreamhost.com (Postfix) with ESMTPSA id 4QsdP95120z7d for ; Thu, 29 Jun 2023 18:42:53 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH v2 3/4] configure: Disable lazy binding by default Date: Thu, 29 Jun 2023 21:42:45 -0400 Message-ID: <20230630014248.2819836-4-siddhesh@sourceware.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230630014248.2819836-1-siddhesh@sourceware.org> References: <20230629184156.2789945-1-siddhesh@sourceware.org> <20230630014248.2819836-1-siddhesh@sourceware.org> MIME-Version: 1.0 X-Spam-Status: No, score=-1171.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_SOFTFAIL, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Siddhesh Poyarekar via Libc-alpha From: Siddhesh Poyarekar Reply-To: Siddhesh Poyarekar Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" Lazy binding prevents some key security features and is disabled by all major distributions by default. Default to this more secure option and flip the flag to allow disabling it if needed. Signed-off-by: Siddhesh Poyarekar --- INSTALL | 10 +++++----- NEWS | 3 +++ configure | 4 ++-- configure.ac | 6 +++--- manual/install.texi | 9 ++++----- 5 files changed, 17 insertions(+), 15 deletions(-) diff --git a/INSTALL b/INSTALL index f02358e933..88ffe7748f 100644 --- a/INSTALL +++ b/INSTALL @@ -205,11 +205,11 @@ if ‘CFLAGS’ is specified it must enable optimization. For example: of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to ‘strong’. -‘--enable-bind-now’ - Disable lazy binding for installed shared objects and programs. - This provides additional security hardening because it enables full - RELRO and a read-only global offset table (GOT), at the cost of - slightly increased program load times. +‘--disable-bind-now’ + Enable lazy binding for installed shared objects and programs. + Lazy binding may improve program load times but it will disable + security hardening that enables full RELRO and a read-only global + offset table (GOT). ‘--enable-pt_chown’ The file ‘pt_chown’ is a helper binary for ‘grantpt’ (*note diff --git a/NEWS b/NEWS index 47ec0b741c..264fad5d86 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,9 @@ Major new features: default. This may be overridden by using the --enable-stack-protector configure option. +* Lazy binding is now disabled by default and can be overridden with the + --disable-bind-now configure flag. + Deprecated and removed features, and other changes affecting compatibility: * In the Linux kernel for the hppa/parisc architecture some of the diff --git a/configure b/configure index 863621cabf..6d4b05df18 100755 --- a/configure +++ b/configure @@ -1462,7 +1462,7 @@ Optional Features: hardcode newly built glibc path in tests [default=no] --disable-hidden-plt do not hide internal function calls to avoid PLT - --enable-bind-now disable lazy relocations in DSOs + --disable-bind-now enable lazy relocations in DSOs --enable-stack-protector=[yes|no|all|strong] Use -fstack-protector[-all|-strong] to detect glibc buffer overflows @@ -4448,7 +4448,7 @@ if test ${enable_bind_now+y} then : enableval=$enable_bind_now; bindnow=$enableval else $as_nop - bindnow=no + bindnow=yes fi diff --git a/configure.ac b/configure.ac index d85452b3b3..6fc72df700 100644 --- a/configure.ac +++ b/configure.ac @@ -213,10 +213,10 @@ if test "x$hidden" = xno; then fi AC_ARG_ENABLE([bind-now], - AS_HELP_STRING([--enable-bind-now], - [disable lazy relocations in DSOs]), + AS_HELP_STRING([--disable-bind-now], + [enable lazy relocations in DSOs]), [bindnow=$enableval], - [bindnow=no]) + [bindnow=yes]) AC_SUBST(bindnow) if test "x$bindnow" = xyes; then AC_DEFINE(BIND_NOW) diff --git a/manual/install.texi b/manual/install.texi index b1aa5eb60c..ae43dc51ac 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -231,11 +231,10 @@ options to detect stack overruns. Only the dynamic linker and a small number of routines called directly from assembler are excluded from this protection. This option is enabled by default and set to @option{strong}. -@item --enable-bind-now -Disable lazy binding for installed shared objects and programs. This -provides additional security hardening because it enables full RELRO -and a read-only global offset table (GOT), at the cost of slightly -increased program load times. +@item --disable-bind-now +Enable lazy binding for installed shared objects and programs. Lazy binding +may improve program load times but it will disable security hardening that +enables full RELRO and a read-only global offset table (GOT). @pindex pt_chown @findex grantpt