From a7bed56845b3d0c2bed37e88e3ba49e40fb2b114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 16 Jun 2020 10:38:46 +0200 Subject: [PATCH] Disable and disallow static linking Linking BIND 9 programs and libraries statically disables several important features: * dlopen() - relied on by dynamic loading of modules, dlz, and dyndb, * RELRO (read-only relocations) and ASLR (address space layout randomization) - security features which are important for any program interacting with the network and/or user input. Disable and disallow linking BIND 9 binaries statically, thus enforcing dlopen() support and allowing use of RELRO and ASLR by default.
---
 configure.ac | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 53d2116daa..6a651da2e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,7 +119,10 @@ AX_POSIX_SHELL
 AC_PROG_MKDIR_P
 # Initialize libtool
-LT_INIT([dlopen])
+LT_INIT([disable-static dlopen pic-only])
+
+AS_IF([test $enable_static != "no"],
+ [AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
 LT_CONFIG_LTDL_DIR([libltdl])
 LTDL_INIT([recursive])
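Review bot: The guard in the added `AS_IF` expands `$enable_static` unquoted, so if the variable is ever empty or unset the shell evaluates `test != "no"`, which is not a valid comparison. In common shells `test` then returns an error status that `AS_IF` treats as false, so the check would fail open and configure would continue without the error. `LT_INIT` presumably always assigns the variable, but a hardening gate should not rely on that; quote it as `AS_IF([test "$enable_static" != "no"],`. Separately, this test only sees the `--enable-static` configure switch. A build that requests static linking through linker flags does not appear to be caught here, so a comment stating that scope would help, for example `# Rejects --enable-static only; static linking requested via LDFLAGS is not detected here`.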