Date: Wed, 15 Mar 2017 23:57:49 +0100 From: Jilles Tjoelker <jilles@stack.nl> To: Konstantin Belousov <kib@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r315331 - in head/libexec/rtld-elf: . aarch64 amd64 arm i386 mips powerpc powerpc64 riscv sparc64 Message-ID: <20170315225749.GB8141@stack.nl> In-Reply-To: <201703152111.v2FLBwrD051923@repo.freebsd.org> References: <201703152111.v2FLBwrD051923@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 15, 2017 at 09:11:58PM +0000, Konstantin Belousov wrote: > Author: kib > Date: Wed Mar 15 21:11:57 2017 > New Revision: 315331 > URL: https://svnweb.freebsd.org/changeset/base/315331 > Log: > Implement LD_BIND_NOT knob for rtld. > From the manpage: > When set to a nonempty string, prevents modifications of the PLT slots > when doing bindings. As result, each call of the PLT-resolved > function is resolved. In combination with debug output, this provides > complete account of all bind actions at runtime. > Same feature exists on Linux and Solaris. Since this feature heavily affects timing (possibly making race conditions easier to exploit) and may prevent making parts of the GOT read-only, it seems a good idea to treat this environment variable as dangerous for setuid and setgid processes. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170315225749.GB8141>