mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 17:44:17 +01:00
1b291848bf
The shared library load order randomization randomizes the whole Directed Acyclic Graph (DAG). This can cause issues with resolving symbols where a given symbol is present in multiple shared objects. Given that the first symbol resolved wins the race, when an application or a library depends on a symbol from one library, yet another library that contains a symbol of the same name is loaded first, the wrong symbol will be resolved.

Most applications don't have issues with this. However, it can happen. Recently, a user has noticed this happens with bsdgrep from base when WITHOUT_GNU_GREP_COMPAT isn't set in src.conf(5). This is due to bsdgrep depending on libgnuregex by default. libgnuregex implements some symbols of the same name as other libraries bsdgrep depends on.

In preparation for HardenedBSD 11.0-RELEASE, do not use shared library load order randomization by default, but make it available with a src.conf(5) knob: WITH_SHLIBRANDOM.

After 11.0-RELEASE, the shared library load order randomization will be refactored to support symbol resolutions in the original load order, yet still randomize the load order of each dependant shared object.

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
github-issue: #204
MFC-to: 10-STABLE
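The following is an added illustration, not code from this commit or from HardenedBSD: a simplified Python model of first-definition-wins symbol lookup that counts how many shuffles of the whole load list bind a duplicated symbol to a different library, and shows that searching in the original order removes the problem. The dependency lists, export sets and function names are constructed assumptions, not read from a real bsdgrep binary.

```python
from itertools import permutations

# Constructed model: direct dependencies in link order and exported symbols.
# Library contents are illustrative assumptions, not taken from a real system.
NEEDED = {
    "bsdgrep": ["libgnuregex", "libz", "libc"],
    "libgnuregex": ["libc"],
    "libz": ["libc"],
    "libc": [],
}
EXPORTS = {
    "libgnuregex": {"regcomp", "regexec", "re_search"},
    "libz": {"gzopen"},
    "libc": {"regcomp", "regexec", "printf"},
}

def load_order(root):
    """Breadth-first walk of the dependency DAG, each object listed once."""
    order, queue = [], [root]
    while queue:
        obj = queue.pop(0)
        if obj not in order:
            order.append(obj)
            queue.extend(NEEDED[obj])
    return order[1:]  # drop the executable itself

def resolve(symbol, search_order):
    """The first library in search order that defines the symbol wins."""
    for lib in search_order:
        if symbol in EXPORTS[lib]:
            return lib
    return None

def misresolved(symbol, root="bsdgrep"):
    """Shuffles of the whole load list that bind symbol to another library."""
    original = load_order(root)
    expected = resolve(symbol, original)
    return [p for p in permutations(original) if resolve(symbol, p) != expected]

def resolve_refactored(symbol, shuffled, root="bsdgrep"):
    """Assumed model of the planned refactor: objects are mapped in shuffled
    order, but lookup still walks the original load order."""
    original = load_order(root)
    if sorted(shuffled) != sorted(original):
        raise ValueError("shuffled list must contain the same objects")
    return resolve(symbol, original)

if __name__ == "__main__":
    print(load_order("bsdgrep"), len(misresolved("regcomp")))
```

In this model half of the six possible orders place libc ahead of libgnuregex, so a symbol defined in both binds to the wrong library, while symbols with a single definition are unaffected by the shuffle.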
2 lines
53 B
Plaintext
Enable randomizing the load order of shared objects.