Message-ID: <5394C3D8.7040800@FreeBSD.org>
Date: Sun, 08 Jun 2014 15:13:12 -0500
From: Pedro Giffuni
Organization: FreeBSD
To: Alfred Perlstein, Konstantin Belousov
Subject: Re: svn commit: r267233 - in head: . bin/rmail gnu/usr.bin/binutils/addr2line gnu/usr.bin/binutils/nm gnu/usr.bin/binutils/objcopy gnu/usr.bin/binutils/objdump gnu/usr.bin/binutils/readelf gnu/usr.bin/...
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Bryan Drewery

Hello;

On 6/8/2014 2:14 PM, Alfred Perlstein wrote:
> On 6/8/14 11:44 AM, Konstantin Belousov wrote:
>> On Sun, Jun 08, 2014 at 11:30:42AM -0700, Alfred Perlstein wrote:
>>> On 6/8/14 11:27 AM, Konstantin Belousov wrote:
>>>> On Sun, Jun 08, 2014 at 05:38:49PM +0000, Bjoern A. Zeeb wrote:
>>>>> On 08 Jun 2014, at 17:29, Bryan Drewery wrote:
>>>>>
>>>>>> Author: bdrewery
>>>>>> Date: Sun Jun 8 17:29:31 2014
>>>>>> New Revision: 267233
>>>>>> URL: http://svnweb.freebsd.org/changeset/base/267233
>>>>>>
>>>>>> Log:
>>>>>>   In preparation for ASLR [1] support add WITH_PIE to support
>>>>>>   building with -fPIE.
>>>>>>
>>>>>>   This is currently an opt-in build flag. Once ASLR support is
>>>>>>   ready and stable it should be changed to opt-out and be enabled
>>>>>>   by default along with ASLR.
>>>>>>
>>>>>>   Each application Makefile uses opt-out to ensure that ASLR will
>>>>>>   be enabled by default in new directories when the system is
>>>>>>   compiled with PIE/ASLR. [2]
>>>>>>
>>>>>>   Mark known build failures as NO_PIE for now.
>>>>> No, no, no, no more NOs!
>>>>>
>>>>> I'll leave it to others who understand the current build system in
>>>>> days when it's not broken to fix this entire splattering across all
>>>>> these Makefiles; we really need a better way for this.
>>>> I have no words to express my dissatisfaction with this commit.
>>>> If a change to the build of _some_ usermode binaries requires patching
>>>> of loader', csu and rtld Makefiles, obviously it is done wrong.
>>>>
>>>> Why do almost half of the binaries require opt-out?
>>>>
>>>> PLEASE REVERT THIS.
>>> Wait. Does this not serve as a useful stake in the ground for people to
>>> come in and update things? Instead of asking to back out, shouldn't we
>>> be doing an announcement "ok folks, it's now time to fix this!" and move
>>> forward? Otherwise we may never get any pie.
>> Let me reformulate.
>>
>> Somebody commits a broken change, despite it being pointed out by many
>> before the commit. From the changes it is obvious that the people who
>> proposed it do not understand what they hack on. And then, somebody else
>> must run and 'fix' previously non-broken code.
>>
>> Sure, you get the pie.
> Sure, but hasn't the default stayed unchanged?
>
> It seems like you have to enable ASLR first before you see all the
> breakage. Right now it seems like the goal was to document what even
> compiles versus doesn't compile with ASLR. Afaik there is no setting
> of ASLR on by default.
>

FWIW, and with huge respect to the people working on it, I have come to
the conclusion that ASLR is useless. The fact that MS and Apple enable
it now by default is not really a point in favor of the technology as
the workarounds became popular and finer randomization won't help[1].
I am also worried about the performance: Red Hat created PIE but
backpedaled when they noticed the performance impact and AFAICT only
use PIE in a restricted set of binaries. I would like to see these as
an option but I don't think it should ever be made the default.
Yes, I am aware these patches don't turn anything on by default but I
(and probably others) am suspecting such a switch may be thrown upon us
without much discussion.

> There has to be a way to call out what works and what doesn't work and
> form a transition from a world with no ASLR to one with some ASLR and
> eventually one with almost entirely ASLR coverage. I'm not sure it can
> be done in one fell swoop. Hooks like this in -current allow for this
> to be done as a group effort.
>
> It would be very unlikely that we retain the semantics all the way until
> a -stable release.
>

I am not (yet) criticizing the patches to the build system as I want to
preserve my innocence ;) ... but perhaps if the semantics are not
finalized this should be done in a branch. It is my opinion that in
general we are not using SVN branches as much as we should.

Pedro.

For reference:

[1] http://youtu.be/dkZ9zdSRQYM