Re: ELF Binary Stripper?

Just to try and clarify one thing.

Mike McCarty wrote:
>If it has *security* benefits (as hinted at by Ulrich Drepper), they
>aren't documented.

This was in reference to Ulrich's comment:
>If you don't want the extra security re-prelinking provides, comment out
>the PRELINK_FULL_TIME_INTERVAL definition in the config file.

The issue here is that if the dynamic linker always puts a shared object
at the same place in memory there's a danger that some malware can
exploit that knowledge.  So someone had the bright idea that the linker
should use random addresses every time it dynamically links a shared
object.

Now, even if prelinking uses random addresses when it runs they're still
fixed thereafter, so it can be seen as reducing security.

What Ulrich was saying is that running prelink (with randomisation) again
from time to time will provide more security than not doing that.  Though
this is still less than the advantage you'd get from not using prelinking
at all and having things randomised every time.

So, there's no security benefit in using prelink as compared to dynamic
linking with randomisation.

Ron
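
The difference described in the message above can be checked by comparing where each shared object is mapped across several runs of the same program. This is an added example, not part of the original message; the maps excerpts, library paths and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed /proc/<pid>/maps excerpts from three runs of one program
# (illustrative addresses and library paths, not real captures).
RUNS = [
    """00400000-0040b000 r-xp 00000000 fd:00 1311 /bin/cat
3a5e200000-3a5e34e000 r-xp 00000000 fd:00 2201 /lib64/libc.so.6
3a5e34e000-3a5e54e000 ---p 0014e000 fd:00 2201 /lib64/libc.so.6
7f3c1a400000-7f3c1a41c000 r-xp 00000000 fd:00 2300 /usr/lib64/libexample.so.1""",
    """00400000-0040b000 r-xp 00000000 fd:00 1311 /bin/cat
3a5e200000-3a5e34e000 r-xp 00000000 fd:00 2201 /lib64/libc.so.6
7f91e8600000-7f91e861c000 r-xp 00000000 fd:00 2300 /usr/lib64/libexample.so.1""",
    """00400000-0040b000 r-xp 00000000 fd:00 1311 /bin/cat
3a5e200000-3a5e34e000 r-xp 00000000 fd:00 2201 /lib64/libc.so.6
7f0b57200000-7f0b5721c000 r-xp 00000000 fd:00 2300 /usr/lib64/libexample.so.1""",
]


def library_bases(maps_text):
    """Return {path: lowest start address} for shared objects in one snapshot."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split()
        # maps format: address perms offset dev inode pathname
        if len(fields) < 6 or ".so" not in fields[5]:
            continue
        start = int(fields[0].split("-")[0], 16)
        bases[fields[5]] = min(start, bases.get(fields[5], start))
    return bases


def classify(runs):
    """Label each library 'fixed', 'randomised', or 'unknown' (seen in < 2 runs)."""
    seen = defaultdict(list)
    for text in runs:
        for path, base in library_bases(text).items():
            seen[path].append(base)
    result = {}
    for path, bases in seen.items():
        if len(bases) < 2:
            result[path] = "unknown"  # one observation cannot show randomisation
        else:
            result[path] = "fixed" if len(set(bases)) == 1 else "randomised"
    return result


if __name__ == "__main__":
    for path, verdict in sorted(classify(RUNS).items()):
        print(f"{verdict:10s} {path}")
```

A library reported as fixed was mapped at the same base address in every snapshot; one reported as randomised moved between runs.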

