Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge #17686: build: add -bind_at_load to macOS hardened LDFLAGS
c78b123 build: add -bind_at_load to hardened LDFLAGS (fanquake) Pull request description: This performs the same function as `-Wl,-z,now`, except for ld on macOS. You can check the binaries using `otool -l`, and looking for the `LC_DYLD_INFO_ONLY` section; `lazy_bind_off` and `lazy_bind_size` should both be 0. This seems to be the case with our current release binaries. However we can make the check, and applying the flag explicit in configure. man ld: ```bash -bind_at_load Sets a bit in the mach header of the resulting binary which tells dyld to bind all symbols when the binary is loaded, rather than lazily. ``` TODO: - [ ] Follow up with `MH_BINDATLOAD` flag. ACKs for top commit: theuni: ACK c78b123. Tree-SHA512: 12259558b84f7e3d75d6fcde63b517685e42b18fcf8e8cfcf347483c5ba089d3b4b6d330e7b7f61f83a328fe4d141b771e8e52ddee9cac6da87dfc073ab1183d
- Loading branch information