ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Disable and disallow static linking

Browse Source 
Linking BIND 9 programs and libraries statically disables several
important features:

  * dlopen() - relied on by dynamic loading of modules, dlz, and dyndb,

  * RELRO (read-only relocations) and ASLR (address space layout
    randomization) - security features which are important for any
    program interacting with the network and/or user input.

Disable and disallow linking BIND 9 binaries statically, thus enforcing
dlopen() support and allowing use of RELRO and ASLR by default.
This commit is contained in:
Ondřej Surý
2020-06-16 10:38:46 +02:00
committed by Ondřej Surý
parent 789e5f4a4b
commit a7bed56845
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configure.ac
View File

@@ -119,7 +119,10 @@ AX_POSIX_SHELL
AC_PROG_MKDIR_P
# Initialize libtool
LT_INIT([dlopen])
LT_INIT([disable-static dlopen pic-only])
AS_IF([test $enable_static != "no"],
[AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
LT_CONFIG_LTDL_DIR([libltdl])
LTDL_INIT([recursive])