mirror of
https://github.com/opnsense/src.git
synced 2026-05-28 04:12:45 -04:00
2f3a961487
Note that lld enables relro by default, so that we already had either partial or full RELRO, depending on the state of the BIND_NOW knob. Add a RELRO knob so that the option can be disabled if desired, and so that builds using the GNU toolchain are equivalent to those using the standard Clang/LLVM toolchain. Reviewed by: markj MFC after: 3 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35545
12 lines
419 B
Text
12 lines
419 B
Text
.\" $FreeBSD$
|
|
Build all binaries with the
|
|
.Dv DF_BIND_NOW
|
|
flag set to indicate that the run-time loader should perform all relocation
|
|
processing at process startup rather than on demand.
|
|
The combination of the
|
|
.Va BIND_NOW
|
|
and
|
|
.Va RELRO
|
|
options provide "full" Relocation Read-Only (RELRO) support.
|
|
With full RELRO the entire GOT is made read-only after performing relocation at
|
|
startup, avoiding GOT overwrite attacks.
|