
Re: Hardening patch


On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> Also I'm not sure now if this has been brought up before, but the
> bindnow option might have noticeable startup speed impact depending
> on the amount of symbols and shared objects to resolve and load.
> The other options seem sane in general.

This is, thankfully, no longer the case now that the linker uses string
hashes for symbol resolution. I could not measure a difference in load
times (any delta seemed lost in the noise) even for giant (firefox,
openoffice.org) applications.

If anyone can show otherwise, I would be very interested in seeing the
results. AFAICT, bindnow is entirely a win.

> All minus signs that can end up being copy&pasted into a runnable
> command, etc. need to be escaped as in \- so that man does not turn
> them into hyphens.

Ah, yes, good catch. Thanks! :)


Kees Cook                                            @debian.org
