Document and fix --enable-bind-now [BZ #21015]

(cherry picked from commit 2d6ab5df3b675e96ee587ae6a8c2ce004c6b1ba9)
author: Florian Weimer <fweimer@redhat.com> 2017-03-02 20:11:27 +0100
committer: Florian Weimer <fweimer@redhat.com> 2017-03-02 20:11:27 +0100
commit: 69e0a87cc4c570e3b7218392fc3e743b5bddcce2 (patch)
tree: 3f348444a8d3ea84015d9282c7dbc9e341eb4aab /INSTALL
parent: 93cf93e06ce123439e41d3d62790601c313134cb (diff)
download: glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.tar.gz
glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.tar.xz
glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/INSTALL b/INSTALL
index 3b3fd121b2..e77cb2d4e2 100644
--- a/INSTALL
+++ b/INSTALL
@@ -146,6 +146,12 @@ will be used, and CFLAGS sets optimization options for the compiler.
      of routines called directly from assembler are excluded from this
      protection.
 
+'--enable-bind-now'
+     Disable lazy binding for installed shared objects.  This provides
+     additional security hardening because it enables full RELRO and a
+     read-only global offset table (GOT), at the cost of slightly
+     increased program load times.
+
 '--enable-pt_chown'
      The file 'pt_chown' is a helper binary for 'grantpt' (*note
      Pseudo-Terminals: Allocation.) that is installed setuid root to fix
author	Florian Weimer <fweimer@redhat.com>	2017-03-02 20:11:27 +0100
committer	Florian Weimer <fweimer@redhat.com>	2017-03-02 20:11:27 +0100
commit	69e0a87cc4c570e3b7218392fc3e743b5bddcce2 (patch)
tree	3f348444a8d3ea84015d9282c7dbc9e341eb4aab /INSTALL
parent	93cf93e06ce123439e41d3d62790601c313134cb (diff)
download	glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.tar.gz glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.tar.xz glibc-69e0a87cc4c570e3b7218392fc3e743b5bddcce2.zip