Re: RFR [XS] 8234809: set relro in linker flags when building with gcc - was RE: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Florian Weimer
* Matthias Baesken:

> Florian, may I add you as reviewer ?

Sure, but I don't have a formal reviewer role.

Thanks,
Florian

RE: RFR [XS] 8234809: set relro in linker flags when building with gcc - was RE: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Baesken, Matthias
nd > >> https://bugzilla.redhat.com/show_bug.cgi?id=1571359 > >> correct, RedHat is setting those flags already via the build system . > >> > >> Regarding "bindnow" (ld -z now) , this might be set additionally by > using -- > >> wit

Re: RFR [XS] 8234809: set relro in linker flags when building with gcc - was RE: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Erik Joelsson
derstanding is that it's always a performance compromise. I would involve at least hotspot-dev for a wider discussion on this as libjvm is the most affected library. /Erik On 2019-11-25 06:42, Baesken, Matthias wrote: Hello, I wonder why the binary hardening on linux using Relocation Read

Re: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Florian Weimer
* Matthias Baesken:

> If I understand
> https://bugzilla.redhat.com/show_bug.cgi?id=1571359
> correct, RedHat is setting those flags already via the build system .

BFD ld in binutils defaults to relro, except perhaps on s390x where your version might not implement the partial RELRO variant that

RFR [XS] 8234809: set relro in linker flags when building with gcc - was RE: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Baesken, Matthias
sing -- > with-extra-ldflags . > > > Best regards, Matthias > > > > Hello, > > > > I wasn't directly involved in introducing these flags, but my > > understanding is that it's always a performance compromise. I would > > involve at leas

RE: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Baesken, Matthias
st affected library. > > /Erik > > On 2019-11-25 06:42, Baesken, Matthias wrote: > > Hello, I wonder why the binary hardening on linux using Relocation > Read-Only (relro) is not enabled by default. > > > > Some info can be found here : > > >

Re: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-26 Thread Florian Weimer
* Claes Redestad:

> On 2019-11-25 18:30, Florian Weimer wrote:
>> That being said, relocation processing for libjvm.so adds a couple of
>> milliseconds to startup, and it looks like their number is growing with
>> each release.
>
> This piqued my interest, so I took a quick look:
>
> readelf --rel

Re: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-25 Thread Claes Redestad
On 2019-11-25 18:30, Florian Weimer wrote:

> That being said, relocation processing for libjvm.so adds a couple of milliseconds to startup, and it looks like their number is growing with each release.

This piqued my interest, so I took a quick look:

readelf --relocs libjvm.so | wc -l
8: 8563

Re: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-25 Thread Florian Weimer
* Matthias Baesken:

> For "-Wl,-z,now" some startup performance hits are mentioned in
> articles/blogs - any experiences / performance-measurements with this
> in the OpenJDK context ?

While libjvm.so needs a staggering amount of relocations, most of them are relative. They are not eligible for

Re: binary Hardening on linux using Relocation Read-Only (relro)

2019-11-25 Thread Erik Joelsson
hias wrote: Hello, I wonder why the binary hardening on linux using Relocation Read-Only (relro) is not enabled by default. Some info can be found here : https://wiki.debian.org/Hardening https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro Currently I n

binary Hardening on linux using Relocation Read-Only (relro)

2019-11-25 Thread Baesken, Matthias
Hello, I wonder why the binary hardening on linux using Relocation Read-Only (relro) is not enabled by default. Some info can be found here : https://wiki.debian.org/Hardening https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro Currently I notice