From 2d6ab5df3b675e96ee587ae6a8c2ce004c6b1ba9 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 2 Mar 2017 14:44:28 +0100
Subject: Document and fix --enable-bind-now [BZ #21015]

---
 INSTALL | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'INSTALL')

diff --git a/INSTALL b/INSTALL
index 3b3fd12..e77cb2d 100644
--- a/INSTALL
+++ b/INSTALL
@@ -146,6 +146,12 @@ will be used, and CFLAGS sets optimization options for the compiler.
      of routines called directly from assembler are excluded from this
      protection.
 
+'--enable-bind-now'
+     Disable lazy binding for installed shared objects.  This provides
+     additional security hardening because it enables full RELRO and a
+     read-only global offset table (GOT), at the cost of slightly
+     increased program load times.
+
 '--enable-pt_chown'
      The file 'pt_chown' is a helper binary for 'grantpt' (*note
      Pseudo-Terminals: Allocation.) that is installed setuid root to fix
-- 
cgit v1.1