Date: Sat, 10 May 2014 17:25:31 -0400
From: Shawn Webb
To: Warner Losh
Cc: freebsd-current@freebsd.org
Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src

On May 10, 2014 02:14 PM -0600, Warner Losh wrote:
>
> On May 10, 2014, at 10:45 AM, Shawn Webb wrote:
>
> > Hey All,
> >
> > It seems that the recent changes to the makefiles for building
> > world/kernel have broken some modifications I have locally for
> > implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd
> > ask for a bit of help. I'm sure the solution is quite simple.
> >
> > My code is up on GitHub. I'll include links at the bottom of the email.
> >
> > The code in question is in share/mk/bsd.prog.mk, where I'm checking to
> > see if MK_PIE is not equal to "no". Prior to the recent changes, this
> > code used to work.
> > (Please note that I know that the way I'm checking is
> > a bit bloated, if anyone has any suggestions to trim my code down, let
> > me know).
>
> You'll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since
> bsd.*.mk files need it.
>

Thanks a lot! Adding it to that one worked. But what's the difference
between the DEFAULT_NO_OPTIONS in src.opts.mk and bsd.opts.mk?

> > How this feature is supposed to work is:
> > 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building
> > applications as position-independent executables opt-in.
> > 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf
> > 3) The application being built needs to also specify CAN_PIE=1 in its
> > Makefile. This is because some applications don't support being built as
> > a position-independent executable.
> > 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional
> > CFLAGS.
> >
> > The log from my build is here: http://ix.io/cf0
> >
> > My code is here:
> > https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22
>
> Maybe RESCUE should define NO_SHARED=yes since it is building a
> static binary so you can eliminate a special case that infects the bsd.*.mk files
> with defines from our src build?
>

That sounds like a good idea. Since that's outside the scope of my ASLR
work, should I file a PR for that?

> Hate that you are propagating the NO_SHARED=no interface, but can't
> offer a better suggestion at the moment. I'd kinda like to kill that?

In looking at the Makefiles, it seems like NO_*/YES_* is being phased
out. Once a suitable alternative to NO_SHARED is in place, I'll make
adjustments on my end.

Thanks,

Shawn
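
The opt-in gate laid out in steps 1-4 of the quoted message, as an added example that is not part of the original email and is not code from the FreeBSD or HardenedBSD trees: a self-contained BSD make file that shows when the hardening flags are applied. The knob expansion is a simplified stand-in for the real option machinery, and the `-fPIE`/`-pie` flags and the static-link check on NO_SHARED are assumptions (the message only says "additional CFLAGS").

```make
# pie-demo.mk: constructed stand-in, not the FreeBSD or HardenedBSD makefiles.
# Try:  make -f pie-demo.mk show
#       make -f pie-demo.mk WITH_PIE=1 show
#       make -f pie-demo.mk WITH_PIE=1 CAN_PIE=1 show
#       make -f pie-demo.mk WITH_PIE=1 CAN_PIE=1 NO_SHARED=yes show

# Step 1: register PIE as a default-off (opt-in) knob.
__DEFAULT_NO_OPTIONS+=	PIE

# Simplified option expansion: WITH_<knob> yields MK_<knob>=yes unless
# WITHOUT_<knob> is also set. Step 2 (WITH_PIE=1 in /etc/src.conf or
# /etc/make.conf) is simulated here on the command line.
.for knob in ${__DEFAULT_NO_OPTIONS}
.if defined(WITH_${knob}) && !defined(WITHOUT_${knob})
MK_${knob}:=	yes
.else
MK_${knob}:=	no
.endif
.endfor

# Step 3: a program Makefile would set CAN_PIE=1 itself; here it is
# passed on the command line so both cases can be compared.

# Step 4: harden only when the knob is on AND the program opted in.
# Assumptions: -fPIE/-pie as the added flags, and skipping statically
# linked programs (NO_SHARED set to something other than "no").
.if ${MK_PIE} != "no" && defined(CAN_PIE)
.if !defined(NO_SHARED) || ${NO_SHARED} == "no" || ${NO_SHARED} == "NO"
CFLAGS+=	-fPIE
LDFLAGS+=	-pie
.endif
.endif

show:
	@echo "MK_PIE=${MK_PIE} CFLAGS=${CFLAGS} LDFLAGS=${LDFLAGS}"
```

Only the third invocation adds the flags; the second shows that enabling the knob without a per-program CAN_PIE leaves the build unhardened, which is the case to audit for when checking which binaries actually came out position-independent.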