Re: Hardening patch
On Tue, 20 Sep 2011, Guillem Jover wrote:
> I took the commit out from my push because this was still under
> discussion, that does not mean I've changed my mind though and I
> still do not really feel comfortable uploading a dpkg defaulting
> to bind now.
[...]
> I've written some of this in some previous mail, but I'll repeat. This
> can have real impact on performance, it potentially affects the whole
> archive (once it all switches to using dpkg-buildflags), and even on
> overall fast architectures it might still affect a range of its slow
> systems, once bind now is set on an object (via DF_1_NOW, DF_BIND_NOW
> or DT_BIND_NOW) it cannot be disabled by either dlopen(RTLD_LAZY)
> or environment variables, it's trading an optimization with a security
> measure.
Ok, you have convinced me. Please put your commit back and change the
default to disabled.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Follow my Debian News ▶ http://RaphaelHertzog.com (English)
▶ http://RaphaelHertzog.fr (Français)