Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Feb 2012 19:25:39 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: -Wl,-z,now (was: %optflags for new gcc)

On Tue, Feb 07, 2012 at 11:13:38PM +0400, Vasiliy Kulikov wrote:
> On Sun, Feb 05, 2012 at 13:59 +0400, Solar Designer wrote:
> > In case we enable -Wl,-z,now as gcc default, how do we (or our users)
> > disable it on individual occasions?  For relro, there's norelro - but is
> > there a nonow?
> 
> It is -z,lazy.

Oh, indeed.  We need to document our changed defaults and ways to
override them prominently.

> > Or should we even patch our dynamic linker such that it'd assume
> > LD_BIND_NOW for SUID/SGIDs?
> 
> That's a good idea.

...except that suexec specifically might be intentionally built without
-z now.

Anyway, I don't really mind.  Let's proceed.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ