Disable and disallow static linking

Linking BIND 9 programs and libraries statically disables several
important features:

  * dlopen() - relied on by dynamic loading of modules, dlz, and dyndb,

  * RELRO (read-only relocations) and ASLR (address space layout
    randomization) - security features which are important for any
    program interacting with the network and/or user input.

Disable and disallow linking BIND 9 binaries statically, thus enforcing
dlopen() support and allowing use of RELRO and ASLR by default.

diff --git a/configure.ac b/configure.ac
index 53d2116daa67462e9e158f1451a0278786865bac..6a651da2e5c10fa14bcbf2df0d639525b34d07aa 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -119,7 +119,10 @@ AX_POSIX_SHELL
 AC_PROG_MKDIR_P
 
 # Initialize libtool
-LT_INIT([dlopen])
+LT_INIT([disable-static dlopen pic-only])
+
+AS_IF([test $enable_static != "no"],
+      [AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
 
 LT_CONFIG_LTDL_DIR([libltdl])
 LTDL_INIT([recursive])