5 Apr
2022
5 Apr
'22
09:51
On Tuesday 2022-04-05 11:24, Marcus Meissner wrote:
SUSE has built everything with "Partial RELRO" for a long time (via a default in binutils). (-z relro)
We did not yet do "Full RELRO" (-z now) as we feared the amount of integration work.
The way the manpages are written, one would not think of -z now (or ld.so LD_BIND_NOW) having ties to relro, but be more of a debugging aid, so that debugger sessions don't go through the symbol resolution trampolines. There has got to be some speed penalty when a process that received libstdc++.so.6 by "accident" now has to resolve 6000ish symbols even if unused.