Re: Hardening patch
On Wed, 2011-09-07 at 13:46:21 -0700, Kees Cook wrote:
> On Wed, Sep 07, 2011 at 10:37:13PM +0200, Guillem Jover wrote:
> > Also I'm not sure now if this has been brought up before, but the
> > bindnow option might have noticable startup speed impact depending
> > on the amount of symbols and shared objects to resolve and load.
> > The other options seem sane in general.
> This is, thankfully, no longer the case now that the linker uses string
> hashes for symbol resolution. I could not measure a difference in load
> times (any delta seemed lost in the noise) even for giant (firefox,
> openoffice.org) applications.
Ah, you mean the ELF GNU hash (instead of the old SYSV hash), right.
> If anyone can show otherwise, I would be very interested in seeing the
> results. AFAICT, bindnow is entirely a win.
Did you try thoses tests only on fast architectures like i386 and amd64,
or also on slower ones like armel? If there's a significant impact I'd
expect to find it on those slower ones, which are precisely the ones
that would suffer most from it.