On Thursday 2022-04-07 02:19, Aaron Puchert wrote:
We did not yet do "Full RELRO" (-z now) as we feared the amount of integration work.
The way the manpages are written, one would not think of -z now (or ld.so LD_BIND_NOW) having ties to relro, but be more of a debugging aid, so that debugger sessions don't go through the symbol resolution
Is that what happens? I thought it would only resolve the symbols that are used, and "resolve all symbols" means resolving all symbols that need to be resolved, i.e. are listed in .dynsym of some loaded ELF file
I did not mean to contradict; indeed there are different interpretations for "all" and "used". - symbols in .dynsym of a library (libstdc++ roughly 5971) - symbols in .rela.dyn/.rela.plt/.dynsym section of an executable (hello world[1] in c++: up to 14 depending on what you count) - set of functions that actually get invoked during runtime (if rand yields 0, cout.operator<< won't be called, so it need not be resolved) [1] #include <iostream> #include <cstdlib> int main() { srand(time(nullptr)); if (rand() & 1) std::cout << "Hello world\n"; } LD_BIND_NOW=1 LD_DEBUG=symbols ./a.out 2>&1|grep -i symbo|sort -u|wc -l 6302 LD_BIND_NOW=0 LD_DEBUG=symbols ./a.out 2>&1|grep -i symbo|sort -u|wc -l 4044