Date: Sun, 25 May 2014 20:06:40 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Oliver Pinter <oliver.pntr@gmail.com> Cc: freebsd-security@freebsd.org, =?iso-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, freebsd-current@freebsd.org, freebsd-stable@freebsd.org, Shawn Webb <lattera@gmail.com> Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable Message-ID: <49702223-7624-4D44-9371-2F8C5E2D4D38@FreeBSD.org> In-Reply-To: <CAPjTQNE6V%2BMAMg4KODVhLckq9p=kpKZPmSK=LEtQkcfZqVi7SA@mail.gmail.com> References: <20140514135852.GC3063@pwnie.vrt.sourcefire.com> <CAPjTQNG9pGLbDF7a8b%2B9s_NRD3Rq-sLnj7AXczjB=Ko_S44C3A@mail.gmail.com> <86a9a56ac6.fsf@nine.des.no> <CAPjTQNE6V%2BMAMg4KODVhLckq9p=kpKZPmSK=LEtQkcfZqVi7SA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 25 May 2014, at 19:42, Oliver Pinter <oliver.pntr@gmail.com> wrote: > On 5/25/14, Dag-Erling Smørgrav <des@des.no> wrote: >> Oliver Pinter <oliver.pntr@gmail.com> writes: ... >>> PAX: blacklist clang and related binaries from PIE support >> >> Why? Performance, or do they actually break? > > No. If you definded WITH_CLANG_EXTRAS= in src.conf, the breaked the build. > (added dim@ to CC) > > --- usr.bin.all__D --- > /usr/obj/usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint/../../../lib/clang/libllvmirreader/libllvmirreader.a: > could not read symbols: Bad value > c++: error: linker command failed with exit code 1 (use -v to see invocation) > *** [bugpoint] Error code 1 I assume you only get this with your ASLR patches applied? Maybe this is because the clang binary itself gets built statically (and so will definitely not be PIE), but the rest of the 'extras', such as bugpoint, are regular dynamic executables. And note that none of the libraries built under lib/libclang are built with -fPIC, at the moment. So that might cause trouble with your PIE patches. In any case, the interesting thing is what the actual linker error was. Do you have more of the preceding build log, including the rest of the settings that were used to build world? And also, what does "file /usr/obj/usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint/../../../lib/clang/libllvmirreader/libllvmirreader.a" say? -Dimitry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlOCMTMACgkQsF6jCi4glqNQmQCgxsg9UC9JkSn8kNHnariVhESs xa4An2oaJXR9EThhr5gpLZ9LjH907/rQ =kgCZ -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49702223-7624-4D44-9371-2F8C5E2D4D38>