In computing, prebinding, also called prelinking, is a method for optimizing application load times by resolving library symbols prior to launch.
Most computer programs consist of code that requires external shared libraries to execute. These libraries are normally integrated with the program at run time by a loader, in a process called dynamic linking.
While dynamic linking has advantages in code size and management, there are drawbacks as well. Every time a program is run, the loader needs to resolve (find) the relevant libraries. Since libraries move around in memory, there is a performance penalty for resolution. This penalty increases for each additional library needing resolution.
Prelinking reduces this penalty by resolving libraries in advance. Afterward, resolution only occurs if the libraries have changed since being prelinked, for example after an upgrade.
Mac OS stores executables in the Mach-O file format.
Mac OS X performs prebinding in the "Optimizing" stage of installing system software or certain applications.
Prebinding has changed a few times within the Mac OS X series. Before 10.2, prebinding only happened during the installation procedure (the aforementioned "Optimizing" stage). From 10.2 through 10.3 the OS checked for prebinding at launch time for applications, and the first time an application ran it would be prebound, making subsequent launches faster. This could also be manually run, which some OS-level installs did. In 10.4, only OS libraries were prebound. In 10.5 and later, Apple replaced prebinding with a dyld shared cache mechanism,[1] which provided better OS performance.
On Linux, prelinking is accomplished via the prelink program, a free program written by Jakub Jelínek of Red Hat for ELF binaries.
Performance results have been mixed, but it seems to aid systems with a large number of libraries, such as KDE.[2]
When run with the "-R" option, prelink will randomly select the address base where libraries are loaded. This selection makes a return-to-libc attack harder to perform because the addresses are unique to that system. prelink does this because kernel facilities supplying address space layout randomization (ASLR) for libraries cannot be used in conjunction with prelink without defeating the purpose of prelink and forcing the dynamic linker to perform relocations at program load time.
As stated, prelink and per-process library address randomization cannot be used in conjunction. In order to avoid completely removing this security enhancement, prelink supplies its own randomization; however, this does not help against a general information leak caused by prelink. Attackers with the ability to read certain arbitrary files on the target system can discover where libraries are loaded in privileged daemons; often libc is enough, as it is the most common library used in return-to-libc attacks.
By reading a shared library file such as libc, an attacker with local access can discover the load address of libc in every other application on the system. Since most programs link to libc, the libc library file always has to be readable; any attacker with local access may gather information about the address space of higher privileged processes. Local access may commonly be gained by shell accounts or Web server accounts that allow the use of CGI scripts, which may read and output any file on the system. Directory traversal vulnerabilities can be used by attackers without accounts if CGI script vulnerabilities are available.
Because prelink is often run periodically, typically every two weeks, the address of any given library has a chance of changing over time. prelink is often used in an incremental mode in which already prelinked libraries are not altered unless absolutely necessary, so a library may not change its base address when prelink is re-run. Any address derived this way therefore has a half-life equal to the period in which prelink is run. Also note that if a new version of the library is installed, the addresses change.
Jakub Jelínek points out that position-independent executables (PIE) ignore prelinking on Red Hat Enterprise Linux and Fedora, and recommends that network and SUID programs be built PIE to facilitate a more secure environment.
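As an added illustration (not part of the original article or of the prelink project), the following Python audit reads an ELF64 file's header, program headers and dynamic section to report whether the file carries the `DT_GNU_PRELINKED` tag from `<elf.h>`, whether it is position independent (`ET_DYN`), and which base address is recorded in the file. Treating the tag as the prelink marker is an assumption of this example; the function names and the sample images built by `make_sample` are constructed for it.

```python
import struct

ET_DYN = 3                                   # shared object or PIE
PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_GNU_PRELINKED = 0, 0x6FFFFDF5    # values from <elf.h>

def audit_elf(data):
    """Report prelink/PIE facts for a little-endian ELF64 image (bytes)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    base, prelinked = None, False
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:                # lowest PT_LOAD vaddr = recorded base
            base = p_vaddr if base is None else min(base, p_vaddr)
        elif p_type == PT_DYNAMIC:           # walk Elf64_Dyn entries (16 bytes each)
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, _ = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                prelinked = prelinked or tag == DT_GNU_PRELINKED
    return {"position_independent": e_type == ET_DYN,
            "prelinked": prelinked, "base": base}

def finding(info):
    """Map the facts to the hardening concern discussed in the text."""
    if info["prelinked"]:
        return "prelinked: address fixed in the file"
    if not info["position_independent"]:
        return "not PIE: rebuild network/SUID programs as PIE"
    return "ok: position independent, not prelinked"

def make_sample(e_type, base, prelinked):
    """Constructed minimal ELF64 image: header, PT_LOAD, PT_DYNAMIC."""
    dyn = struct.pack("<qQ", DT_GNU_PRELINKED, 1) if prelinked else b""
    dyn += struct.pack("<qQ", DT_NULL, 0)
    end = 176 + len(dyn)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base, end, end, 4096)
    dynp = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 176, base + 176,
                       base + 176, len(dyn), len(dyn), 8)
    return ehdr + load + dynp + dyn
```

To audit a real file, pass `open(path, "rb").read()` to `audit_elf`; truncated or malformed files raise `struct.error` or `ValueError` rather than returning a partial result.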
Occasionally, prelinking can cause issues with application checkpoint and restart libraries like blcr,[3] as well as other libraries (like OpenMPI) that use blcr internally. Specifically, when checkpointing a program on one host and trying to restart on a different host, the restarted program may fail with a segfault due to differences in host-specific library memory address randomization.[4][5]
prelink(8): prelink ELF shared libraries and binaries to speed up startup time – Linux Administration and Privileged Commands Manual