Bug 5996

Summary: Enable UCLIBC_BUILD_NOW by Default
Product: uClibc Reporter: Jeffrey Walton <noloader>
Component: OtherAssignee: unassigned
Status: RESOLVED INVALID    
Severity: normal CC: uclibc-cvs
Priority: P5    
Version: 0.9.33.3   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Host: Target:
Build:

Description Jeffrey Walton 2013-02-28 00:00:54 UTC 
This has security implications too. Surely Gingerbreak and its attack on the PLT has not been forgotten??? (The PLT was used as a jumping off point or trampoline).

The trade off (microsecond for the early bind) versus wiping out an entire class of vulnerabilities seems like a win.

  | This tells the linker to resolve all symbols when the library is        │  
  │ first loaded, rather than when each function is first called.  This     │  
  │ increases start-up latency by a few microseconds and may do             │  
  │ unnecessary work (resolving symbols that are never used), but the       │  
  │ realtime people like it for making microbenchmark timings slightly      │  
  │ more predictable and in some cases it can be slightly faster due to     │  
  │ CPU cache behavior (not having to fault the linker back in to do        │  
  │ lazy symbol resolution).
Comment 1 Bernhard Reutner-Fischer 2013-02-28 12:16:37 UTC 
see 'make help' and 'make config', 'make menuconfig'