Comment by countWSS
6 hours ago
IFUNC should be implemented by software itself, like switching functions on runtime/compile checks. Why bother having a slower, insecure version that is less flexible than a function pointer? I have to agree with author. Glibc is filled with even more nasty hacks ripe for new exploits.
I agree so much and wished this was the main focus of the debate. It's more a question of why does this exist in the first place and not of how did they abuse it. Building only from source is the minimum required transparency and a CI/CD pipeline able to manipulate the artifact before release takes this away. I remember the outrage, when serde (i think it was) wanted to ship parts as pre-compiled binaries for build performance reasons...