From: Ondřej Surý <ondrej@isc.org>
Date: Tue, 16 Jun 2020 08:38:46 +0000 (+0200)
Subject: Disable and disallow static linking
X-Git-Tag: v9.17.3~41^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7bed56845b3d0c2bed37e88e3ba49e40fb2b114;p=thirdparty%2Fbind9.git

Disable and disallow static linking

Linking BIND 9 programs and libraries statically disables several
important features:

  * dlopen() - relied on by dynamic loading of modules, dlz, and dyndb,

  * RELRO (read-only relocations) and ASLR (address space layout
    randomization) - security features which are important for any
    program interacting with the network and/or user input.

Disable and disallow linking BIND 9 binaries statically, thus enforcing
dlopen() support and allowing use of RELRO and ASLR by default.
---

diff --git a/configure.ac b/configure.ac
index 53d2116daa6..6a651da2e5c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,7 +119,10 @@ AX_POSIX_SHELL
 AC_PROG_MKDIR_P
 
 # Initialize libtool
-LT_INIT([dlopen])
+LT_INIT([disable-static dlopen pic-only])
+
+AS_IF([test $enable_static != "no"],
+      [AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
 
 LT_CONFIG_LTDL_DIR([libltdl])
 LTDL_INIT([recursive])