On Thu, Feb 27, 2020 at 3:11 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Thu, Feb 27, 2020 at 4:05 PM William Roberts
> <bill.c.roberts@xxxxxxxxx> wrote:
> >
> > On Thu, Feb 27, 2020 at 2:43 PM Ulrich Drepper <drepper@xxxxxxxxxx> wrote:
> > > The use of the hidden infrastructure is not just a means to reduce
> > > overhead in the form of PLTs. It also ensures that internals for the
> > > library don't leak out.
> >
> > Linker script? We just use a map file that has everything local except for what
> > we want to export.
>
> That just controls what is exported. The hidden_proto/hidden_def
> stuff is to ensure that when libselinux calls one of its own exported
> symbols, that symbol resolves to the actual libselinux implementation
> and not something provided by some other DSO earlier in the search
> path, which is otherwise possible.

Sure, but do we actually care about that? If we actually do care, we could throw
a script in the build to make sure anything in the linker script map is not used
internally.

Right now, all this DSO hygiene and look up protection is opt-in, which usually
always results in missed cases. With the linker script, it's opt-out, which is
usually always how you want to do things.
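
Added example, not part of the original message and not libselinux's build code: one way the build-time check suggested above could look, flagging object files in the library that reference a symbol the map file exports. The map contents, object names, `foo_*` symbols and function names are hypothetical, and the input is assumed to be `nm -A` output for the library's own object files.

```python
import fnmatch
import re

# Constructed version script: everything local except the listed exports.
SAMPLE_MAP = """LIBFOO_1.0 {
  global: foo_open; foo_close; foo_get*;  /* public API */
  local: *;
};"""

# Constructed `nm -A` output for the library's own object files.
SAMPLE_NM = """open.o:0000000000000000 T foo_open
open.o:                 U foo_close
open.o:                 U malloc
close.o:0000000000000000 T foo_close
get.o:0000000000000000 T foo_getcon
get.o:                 U foo_open"""

def parse_exports(map_text):
    """Return the glob patterns listed under `global:` in a version script."""
    text = re.sub(r"/\*.*?\*/", "", map_text, flags=re.S)  # drop C comments
    patterns, scope = [], None
    for token in re.findall(r"global:|local:|[{};]|[^\s{};:]+", text):
        if token in ("global:", "local:"):
            scope = token
        elif token == "}":
            scope = None                   # end of this version node
        elif scope == "global:" and token not in ("{", ";"):
            patterns.append(token)
    return patterns

def interposable_internal_refs(map_text, nm_text):
    """List (object, symbol) pairs where the library references its own export."""
    patterns = parse_exports(map_text)
    defined, undefined = set(), []
    for line in nm_text.splitlines():
        obj, _, rest = line.partition(":")
        fields = rest.split()              # [addr] type name
        if len(fields) >= 2 and fields[-2] == "U":
            undefined.append((obj, fields[-1]))
        elif len(fields) >= 2 and fields[-2].isupper():
            defined.add(fields[-1])        # global definition (T, D, B, W, ...)
    # An undefined reference to a symbol the library itself defines and
    # exports is resolved by the dynamic linker, so another DSO can win.
    return sorted(
        (obj, name) for obj, name in undefined
        if name in defined and any(fnmatch.fnmatchcase(name, p) for p in patterns)
    )

if __name__ == "__main__":
    print(interposable_internal_refs(SAMPLE_MAP, SAMPLE_NM))
```

The check only sees cross-object references: a call to an exported function defined in the same translation unit leaves no `U` entry in `nm` output.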