Ticket #1183 (closed task: fixed)
Don't enable prelink by default in Fedora
|Reported by:||halfie||Owned by:|
|Cc:||fweimer, zbyszek, fche, michich, jankratochvil, jakub, kzak||Blocked By:|
I am proposing that prelink should *not* be enabled by *default* in Fedora.
This proposal has already been discussed on the "security" and "devel" mailing lists. See the "prelink performance gains" thread for various benchmarks and more information. Overall, the performance gains of prelink can't be distinguished from "background noise" in many (or even most) cases. Additionally, there seems to be a consensus on disabling prelink by default (from my understanding of the discussion thread).
There are some technologies which reduce the need for prelink. These include:
- Symbol visibility support, which, when used properly, dramatically reduces the number of symbols to resolve and hence the amount of time taken to resolve them. Debian (and Ubuntu) already turn on this "-Bsymbolic-functions" flag.
- Hash tables, which will be generated by the linker and included as an extra section in the ELF file, which make looking up symbols to resolve them nearly free.
For a summary of issues with enabling prelink, please see the http://lwn.net/Articles/341244/ article. In summary,
- It (prelink) does not play nice with checksum integrity tools (e.g. AIDE). It does not play nice with "rpm -V".
- Disables ASLR for non-PIE files (for up to 2 weeks, and the majority of the binaries are non-PIE). Yes, we are already working on making setuid programs and network daemons use PIE but this will take time.
- It adds complexity and fragility to Fedora (think complicated prelink blacklists, complicated cron job exclusion with sysconfig).
- It (prelink) breaks FIPS mode for multiple applications.
- Has *long-standing* known "direct or indirect" bugs.
- Other distributions do NOT enable prelink by default. "Fedora and Red Hat Enterprise Linux (RHEL) enable pre-linking by default, while most other distributions make prelink available, but seem unconvinced that the benefits are substantial enough to make it the default." (LWN)
- We don't need another https://bugzilla.redhat.com/show_bug.cgi?id=509655 sort of thing happening. "Overall, pre-linking is a bit of a hack, and it is far from clear that its benefits are substantial enough to overcome that." (LWN)
- "Though prelink does provide a benefit, it may be a bit hard to justify as time goes on. For some, who are extremely sensitive to start up time costs, it may make a great deal of sense, but it may well be that for the majority of users, the annoyance and dangers are just not worth it." (LWN)
- It has been observed that if you are low on disk space and you prelink your entire system then there is a possibility that your binaries may be truncated. The result being a b0rked system (Arch Linux Wiki).
Florian says that the performance differences (for shell-bench, see ) are about the same for PPC64 when compared with AMD64 numbers.
Disabling prelink by *default* should be fine (unexpected things shouldn't happen). We have already disabled prelink in Fedora live images. See  for more information.
Here are the benefits of disabling prelink by default,
- Checksum integrity and other software work as expected.
- We get ASLR for almost all applications (by doing nothing extra!). This includes applications like Firefox and Evince.
- No more "unexpected" I/O burden of running prelink from cron every day.
In summary, while prelink made sense before, it no longer does on modern hardware. Additionally, as time goes on, prelink will provide even more diminishing results.
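To see which binaries the ASLR and hash-table points above apply to, the following added example (not part of the original ticket or of prelink itself) reads an ELF file's type and dynamic section and reports whether it is position-independent, carries the `DT_GNU_PRELINKED` marker that prelink writes, and has a GNU hash table. It assumes ELF64 little-endian input; `classify_elf` and `build_sample` are hypothetical names, and the sample images are constructed in memory.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3        # fixed-address executable vs. PIE / shared object
PT_DYNAMIC = 2
DT_NULL, DT_GNU_PRELINKED, DT_GNU_HASH = 0, 0x6FFFFDF5, 0x6FFFFEF5

def classify_elf(data: bytes) -> dict:
    """Return PIE / prelink / GNU-hash status for an ELF64 little-endian image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled in this example")
    tags = set()
    try:
        e_type, = struct.unpack_from("<H", data, 16)
        e_phoff, = struct.unpack_from("<Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
        for i in range(e_phnum):
            off = e_phoff + i * e_phentsize
            p_type, _flags, p_offset = struct.unpack_from("<IIQ", data, off)
            p_filesz, = struct.unpack_from("<Q", data, off + 32)
            if p_type != PT_DYNAMIC:
                continue
            for pos in range(p_offset, p_offset + p_filesz, 16):
                tag, _val = struct.unpack_from("<qQ", data, pos)
                if tag == DT_NULL:
                    break
                tags.add(tag)
    except struct.error:
        # A header pointing past end-of-file, e.g. a truncated binary.
        raise ValueError("truncated ELF file")
    # ET_DYN covers both PIE executables and shared libraries.
    return {"position_independent": e_type == ET_DYN,
            "prelinked": DT_GNU_PRELINKED in tags,
            "gnu_hash": DT_GNU_HASH in tags}

def build_sample(e_type: int, dyn_tags: list) -> bytes:
    """Constructed minimal image: ELF header, one PT_DYNAMIC segment, its entries."""
    dyn = b"".join(struct.pack("<qQ", t, 0) for t in dyn_tags + [DT_NULL])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 0, 0, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    for path in sys.argv[1:]:          # e.g. python3 thisfile.py /usr/bin/*
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

Files reported as `position_independent: False` and `prelinked: True` are the ones loaded at a fixed, precomputed address until prelink is undone or rerun.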