Just to try and clarify one thing. Mike McCarty wrote: >If it has *security* benefits (as hinted at by Ulrich Drepper), they >aren't documented. This was in reference to Ulrich's comment: >If you don't want the extra security re-prelinking provides, comment out >the PRELINK_FULL_TIME_INTERVAL definition in the config file. The issue here is that if the dynamic linker always puts a shared object at the same place in memory there's a danger that some malware can exploit that knowledge. So someone had the bright idea that the linker should use random addresses every time it dynamically links a shared object. Now, even if prelinking uses random addresses when it runs they're still fixed thereafter, so it can be seen as reducing security. What Ulrich was saying is that running prelink (with randomisation) again from time to time will provide more security than not doing that. Though this is still less than the advantage you'd get from not using prelinking at all and having things randomised every time. So, there's no security benefit in using prelink as compared to dynamic linking with randomisation. Ron
