New hardened build support (coming) in F16

John Reiser jreiser at bitwagon.com
Mon Aug 8 23:51:11 UTC 2011


> * 3: what does this mean for you?

... and your users, and your software maintenance budget:

If you enable it, then the apps in your package:

1) Cannot be prelink-ed.  This likely costs time and space (RAM, swap)
at run time.  The magnitude of the cost can vary from almost nothing
to several seconds and hundreds of pages per invocation.  An app
which uses a large number of shared libraries might incur the highest
costs, because if an app is not prelinked itself then the runtime
linker ld-linux must ignore any prelinking of the shared libraries
that the app uses.

2) Might produce different results, especially if any of LD_PRELOAD,
dlopen, dlsym(RTLD_NEXT,), or ltrace is involved.  [Most of this
is due to using "-z now".]

3) Might reveal formerly-hidden bugs which depend on numerical values
or accidental relationships of addresses at run time.

4) Might be harder to debug when the bug is intermittent or is observed
only in an end-user environment.


Most apps ought to be good enough [by now] so that 2), 3), and 4)
do not matter.  But 1) might be important.

-- 
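Item 2 above attributes most of the behavioural differences to "-z now". The following is an added example, not part of the original message: it reads an ELF64 little-endian image and reports whether it is marked for immediate binding and whether it is ET_DYN, the file type a position-independent executable has. The function names and the sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
EHDR, PHDR, DYN = "<HHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"  # ELF64 LE layouts


def elf_binding_report(data):
    """Return {'et_dyn': bool, 'bind_now': bool} for an ELF64 LE image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    hdr = struct.unpack_from(EHDR, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[0], hdr[4], hdr[8], hdr[9]
    bind_now = False
    for i in range(e_phnum):
        ph = struct.unpack_from(PHDR, data, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
        if p_type != PT_DYNAMIC:
            continue
        # Walk the 16-byte (tag, value) entries until DT_NULL.
        for off in range(p_offset, p_offset + p_filesz - 15, 16):
            tag, val = struct.unpack_from(DYN, data, off)
            if tag == DT_NULL:
                break
            # "-z now" is recorded as DF_BIND_NOW in DT_FLAGS and DF_1_NOW in
            # DT_FLAGS_1; DT_BIND_NOW is the older standalone tag, same meaning.
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True
    return {"et_dyn": e_type == ET_DYN, "bind_now": bind_now}


def make_sample(e_type, dyn_entries):
    """Constructed sample: minimal ELF64 image holding only a PT_DYNAMIC segment."""
    dyn = b"".join(struct.pack(DYN, t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        EHDR, e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack(PHDR, PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn


if __name__ == "__main__":
    hardened = make_sample(ET_DYN, [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)])
    classic = make_sample(ET_EXEC, [])  # fixed address, lazy binding
    print("hardened-style:", elf_binding_report(hardened))
    print("classic-style: ", elf_binding_report(classic))
```

On a real binary, `readelf -d` lists the same dynamic tags that this function inspects.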

