diff options
author | fanquake <fanquake@gmail.com> | 2019-12-17 15:58:55 -0500 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2019-12-17 16:32:18 -0500 |
commit | 47f45b677653c496a40acff00d11bd0e175ee058 (patch) | |
tree | bdf6fe54382ecd807aed818eb3b756c18df4d400 /Makefile.am | |
parent | ab4e6ad7629430d02d101417e010228c1099f0ae (diff) | |
parent | c78b123982d59fe2d633659f23d6893de627f3f6 (diff) |
Merge #17686: build: add -bind_at_load to macOS hardened LDFLAGS
c78b123982d59fe2d633659f23d6893de627f3f6 build: add -bind_at_load to hardened LDFLAGS (fanquake)
Pull request description:
This performs the same function as `-Wl,-z,now`, except for ld on macOS.
You can check the binaries using `otool -l`, and looking for the `LC_DYLD_INFO_ONLY` section; `lazy_bind_off` and `lazy_bind_size` should both be 0.
This seems to be the case with our current release binaries. However we can make the check, and applying the flag explicit in configure.
man ld:
```bash
-bind_at_load
Sets a bit in the mach header of the resulting binary which tells dyld
to bind all symbols when the binary is loaded, rather than lazily.
```
TODO:
- [ ] Follow up with `MH_BINDATLOAD` flag.
ACKs for top commit:
theuni:
ACK c78b123982d59fe2d633659f23d6893de627f3f6.
Tree-SHA512: 12259558b84f7e3d75d6fcde63b517685e42b18fcf8e8cfcf347483c5ba089d3b4b6d330e7b7f61f83a328fe4d141b771e8e52ddee9cac6da87dfc073ab1183d
Diffstat (limited to 'Makefile.am')
0 files changed, 0 insertions, 0 deletions