On 26 Aug 2016, at 15:18, Warner Losh <i...@bsdimp.com> wrote:
>
> So what's the summary of why we'd want to do that? What benefit does it bring?
> Sure, other folks do it, but why?

It reduces the attack surface for code reuse attacks: non-PLT GOT entries are read-only and so can’t be manipulated by a memory safety bug. It doesn’t provide much mitigation, but it also doesn’t cost very much - some security for a negligible cost is probably a sensible thing to pick. When combined with RTLD_NOW, it provides more hardening, but at a much more significant cost (bigger startup times - much bigger for things like OpenOffice or Firefox, some forms of interposition break, and so on). That’s still probably worth it for some things (sshd, for example).

David