GitLab

Linking with -z now is a modest security improvement because it allows the linker to set more of its data structures to be read-only after initialization. For the non-loadable X servers this can be enabled trivially.

For the loadable server - i.e., Xorg the xfree86 DDX - we're still carrying the legacy of the old elfloader, in that our modules expect to work if loaded before all the other modules they might call. For example, vbe and int10 can be (and are) loaded in arbitrary order by drivers, even though vbe depends on symbols defined in int10. So this is really a question of reducing the number of modules that we build and ensuring that the remaining ones can satisfy their needed symbols from the X server directly. I think all that would be needed for this to work is:

• merge int10 and vbe as a single loadable object, and teach the loader to know this
• link fb directly into the server executable, since you're almost certainly going to load it anyway
• modify the modesetting driver to LoaderSymbol() for things it plans to call from glamor or shadow

External drivers that wanted to link with -z now would need to do similar LoaderSymbol tricks.