Date: Sat, 10 May 2014 14:14:36 -0600 From: Warner Losh <imp@bsdimp.com> To: Shawn Webb <lattera@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src Message-ID: <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com> In-Reply-To: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> References: <20140510164512.GS3063@pwnie.vrt.sourcefire.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On May 10, 2014, at 10:45 AM, Shawn Webb <lattera@gmail.com> wrote: > Hey All, >=20 > It seems that the recent changes to the makefiles for building > world/kernel have broken some modifications I have locally for > implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd > ask for a bit of help. I'm sure the solution is quite simple. >=20 > My code is up on GitHub. I'll include links at the bottom of the = email. >=20 > The code in question is in share/mk/bsd.prog.mk, where I'm checking to > see if MK_PIE is not equal to "no". Prior to the recent changes, this > code used to work. (Please note that I know that the way I'm cheking = is > a bit bloated, if anyone has any suggestions to trim my code down, let > me know). You=92ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since bsd.*.mk files need it. > How this feature is supposed to work is: > 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building > applications as position-independent executables opt-in. > 2) User adds WITH_PIE=3D1 to /etc/src.conf or /etc/make.conf > 3) The application being built needs to also specify CAN_PIE=3D1 in = its > Makefile. This is because some applications don't support being built = as > a position-independent executable. > 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional > CFLAGS. >=20 > The log from my build is here: http://ix.io/cf0 >=20 > My code is here: > = https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/shar= e/mk/bsd.prog.mk#L14-L22 Maybe RESCUE should define NO_SHARED=3Dyes since it is building a static binary so you can eliminate a special case that infects the = bsd.*.mk files with defines from our src build? Hate that you are propagating the NO_SHARED=3Dno interface, but can=92t offer at better suggestion at the moment. I=92d kinda like to kill that=85= Warner > Thanks, >=20 > Shawn > CC: imp@bsdimp.com --Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJTboisAAoJEGwc0Sh9sBEAsk8P/igEMLql3tKEB8Wtbx6uC9oK 1F6vENnehiiN4X7//xt5CQurglV6yNZsWVMgbyc/ux5FDTVA/HSw9bTbl8qNjkwB oyA3gNzoRl4M/aBwSGGKb6HH5Ktd79mwMCdvRFuCI4umKCH1CzJYcfu+noNd4GH7 tIHs0ocqBmOBzUZyf6CZzr6SeZhqfTaCJ4rcXXq06hnYAzZFxX9n5UONGdDGRpaD /p0VWOIyP9pLqFPC95KN0gkwcocfPl5ItziwDL2P9PrGtPOEZMAA6wCz34cNYIVB 3eK7qhNEt2txQxNgrnKEm9xxfVXw1Kl4vFyMh6pRFqJIsLOYDlHs19lFSQcSEQWI iJAlSvfx2OektzHXgzhYyl3P+XRJEs6kPdlMq7JHE/JgqegDAmK/Z0WBboThoSXE w0ooWPAAlwZAv5x5xqRkQM7L5JYTx2hKc5A2WkiS6zKTGryoSAEtPDNVvVw1X8nB dquz5Mh2eby0V/gALs2pZUnSOibOglyjBtWTPucNF22GdjAHjhgy1k8/qN8Mexkl 2uK0pcCaPes5LxTAyoC4oEUGFrvhG09n6Ru7FhZjiYGtgTtR3ydPKinB/8se/FYv ZGgN/j3oKH4Wg58GHd6iJ1bvmdTb/pT4qV+U88oKPwxA+WF/pWylrTl9j6nGS1uJ gv3SBZX0BtYggxmMvg2R =Vgwi -----END PGP SIGNATURE----- --Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?73589111-84D9-40EA-89F1-330396E853DA>