From owner-svn-src-head@FreeBSD.ORG Mon Jun 9 02:13:05 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECE043D2 for ; Mon, 9 Jun 2014 02:13:05 +0000 (UTC) Received: from nm22-vm1.bullet.mail.bf1.yahoo.com (nm22-vm1.bullet.mail.bf1.yahoo.com [98.139.212.127]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9822E2E1D for ; Mon, 9 Jun 2014 02:13:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1402279977; bh=wFgoeXna4LKHQ1hCW3pHZWOKtXvMIUEq5uWJr30LWyc=; h=Received:Received:Received:X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:Organization:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=YLZ69Fm1yhCaaA3KErwQ8HEwChKCkW6hf8q0zS0Xs0+VczfnJNiPPIJBrovMopMzItjbG78XJUDvnKi3VA/uMI60raEJ6xsWfSAGomdrMhj8D4MGFEsKkU6kwxRnvbaswmurymkYFPrfS0F/PsNDBL7lfPE9pfuJOt9Imf/g7cgzYocjjZpJZm5KHUkVDJ49V0neYfy0GKQnFL99PUCk6tHzHNNwaazd/lHUwzOM2D+4uRlMli9IkQLGZjJsu0dmRonEdF0wLKfxXfG7B/5ScfQcz8sCvlB3e2e9gUvKNfcmaUHQwEqSVb4O7ayBh8SJVjyw3aZ1iXw3nLxWEieeOw== DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=gt2Uz2dYyRMVc8GNOwFiMEdM91Cb1C/PTDn1VBrKAjysFtjPhZkvfWjynKPZ2VPlV9K43sCqek+gyAy9nift+8YCKramYBHAbiBX1VSEFLWAqYyMPm072Wcnf9fBrlZVkj1pnXKh9pGcVnexXygl+GvtJjrrG/TFV5brceLQttEuH1sHGmOLbOqkFTcmOYJ6yshvMtX8oVVpJejTEF8ou1TSvFm+YzmKB6Nay4HRO4DheAbUtzynpQEz4XcO/GHW79iuXAuDlCmNm6rX/yx1bdqbWRuy5BhjxMkKUT4bPnTm3lSRkX6NUVWvrzgApXXogGux1c7c/30SLN+sYQEwkQ==; Received: from [98.139.215.141] by nm22.bullet.mail.bf1.yahoo.com with NNFMP; 09 Jun 2014 02:12:57 -0000 Received: from [68.142.230.74] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 09 Jun 2014 02:12:56 -0000 Received: from [127.0.0.1] by smtp231.mail.bf1.yahoo.com with NNFMP; 09 Jun 2014 02:12:56 -0000 X-Yahoo-Newman-Id: 877221.22808.bm@smtp231.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 5OBs58QVM1mp1YSVf_rfA3oMUdR.3ta_19lDG9yagK76_q1 5Cm2IeHE1mTYomiA.YDxg9GBOJERxH8d0igIC7cI7Swx1RqhlHgR6O2tnBLn liQStvAc191m93rjWSg.W.e_XVe7U_yhr3Ynt59P.gaTzDq8miA76gdAxqm5 QDgfs4sVtPSxrG_tUyFny.YKcyxcG7QFVIG.FEGXaPD_k2_FqiHx0txtgMN1 3TCZ.3XXfCWnu1rDqdb4QXCSwHPAAuaOI1fjgWYiU1aPBbqIc1ShDnNo3CLf Arwk5XeQ7KmWmIOv59RBmdrWce6nxRnpVKDHZFuoqEEQMp0BvxTo4V4hor6d ukXLejusnR_Wtf8yeysduOEbvUwwBmDUZ6WnTlx3YykyAyzNLUuAVdjxDC1I 6lp0J3Y55J73lNDsd_VLNRuGnqcmyrUzs5IoI8oRDZwzC_gTnPXummMMh4lu E3QHSzOXsX69RLl2mbaVa7rji0P2wxkWwqJCxwe3NzvxL9eDddNw.8VZBQWS pCsAHZF4cbxd9bjuWlVMf1EGGaNz0Vlpz0aNh.gPG3AGbl3BBQu20YJi85v7 O61y8_MP5oNCyugurNuLhZ7LKoLqcdj2S X-Yahoo-SMTP: xcjD0guswBAZaPPIbxpWwLcp9Unf X-Rocket-Received: from [192.168.0.102] (pfg@190.157.126.109 with plain [98.139.211.125]) by smtp231.mail.bf1.yahoo.com with SMTP; 09 Jun 2014 02:12:56 +0000 UTC Message-ID: <53951828.6030200@FreeBSD.org> Date: Sun, 08 Jun 2014 21:12:56 -0500 From: Pedro Giffuni Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: Bryan Drewery , Alfred Perlstein , Konstantin Belousov Subject: Re: svn commit: r267233 - in head: . bin/rmail gnu/usr.bin/binutils/addr2line gnu/usr.bin/binutils/nm gnu/usr.bin/binutils/objcopy gnu/usr.bin/binutils/objdump gnu/usr.bin/binutils/readelf gnu/usr.bin/... References: <201406081729.s58HTWkc006213@svn.freebsd.org> <74512A27-DD5F-4D43-BFA1-0AC04E0D08B4@FreeBSD.org> <20140608182728.GX3991@kib.kiev.ua> <5394ABD2.5040009@mu.org> <20140608184451.GZ3991@kib.kiev.ua> <5394B607.1000109@mu.org> <5394C3D8.7040800@FreeBSD.org> <5394D823.60106@FreeBSD.org> In-Reply-To: <5394D823.60106@FreeBSD.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jun 2014 02:13:06 -0000 El 6/8/2014 4:39 PM, Bryan Drewery escribió: > On 6/8/2014 3:13 PM, Pedro Giffuni wrote: >> Hello; >> >> El 6/8/2014 2:14 PM, Alfred Perlstein escribió: >>> On 6/8/14 11:44 AM, Konstantin Belousov wrote: >>>> On Sun, Jun 08, 2014 at 11:30:42AM -0700, Alfred Perlstein wrote: >>>>> On 6/8/14 11:27 AM, Konstantin Belousov wrote: >>>>>> On Sun, Jun 08, 2014 at 05:38:49PM +0000, Bjoern A. Zeeb wrote: >>>>>>> On 08 Jun 2014, at 17:29 , Bryan Drewery >>>>>>> wrote: >>>>>>> >>>>>>>> Author: bdrewery >>>>>>>> Date: Sun Jun 8 17:29:31 2014 >>>>>>>> New Revision: 267233 >>>>>>>> URL: http://svnweb.freebsd.org/changeset/base/267233 >>>>>>>> >>>>>>>> Log: >>>>>>>> In preparation for ASLR [1] support add WITH_PIE to support >>>>>>>> building with -fPIE. >>>>>>>> >>>>>>>> This is currently an opt-in build flag. Once ASLR support is >>>>>>>> ready and stable >>>>>>>> it should changed to opt-out and be enabled by default along >>>>>>>> with ASLR. >>>>>>>> >>>>>>>> Each application Makefile uses opt-out to ensure that ASLR will >>>>>>>> be enabled by >>>>>>>> default in new directories when the system is compiled with >>>>>>>> PIE/ASLR. [2] >>>>>>>> >>>>>>>> Mark known build failures as NO_PIE for now. >>>>>>> No, no, no, no more NOs! >>>>>>> >>>>>>> I?ll leave it to others who understand the current build system in >>>>>>> days when it?s not broken to fix this entire splattering across all >>>>>>> these Makefiles; we really need a better way for this. >>>>>> I have no words to express my dissatisfaction with this commit. >>>>>> If change to the build of _some_ usermode binaries require patching >>>>>> of loader', csu and rtld Makefiles, obviously it is done wrong. >>>>>> >>>>>> Why almost half of the binaries require opt-out ? >>>>>> >>>>>> PLEASE REVERT THIS. >>>>> Wait. Does this not serve as a useful stake in the ground for >>>>> people to >>>>> come in and update things? Instead of asking to back out, shouldn't we >>>>> be doing an announcement "ok folks, it's now time to fix this!" and >>>>> move >>>>> forward? Otherwise we may never get any pie. >>>> Let me reformulate. >>>> >>>> Somebody commits broken change, despite it was pointed out by many >>>> before the commit. From the changes it is obvious that people which >>>> proposed it do not understand what they hack on. And then, somebody else >>>> must run and 'fix' previously non-broken code. >>>> >>>> Sure, you get the pie. >>> Sure, but hasn't the default stayed unchanged? >>> >>> It seems like you have to enable ASLR first before you see all the >>> breakage. Right now it seems like goal was to document what even >>> compiles versus doesn't compile with ASLR. Afaik there is not setting >>> of ASLR on by default. >>> >> >> FWIW, and with huge respect to the people working on it, I have come to >> the conclusion that ASLR is useless. The fact that MS and Apple enable >> it now by default is not really a point in favor of the technology as >> the workarounds became popular and finer randomization won't help[1]. >> >> I am also worried about the performance: Redhat created PIE but >> backpedaled when they noticed the performance impact and AFAICT only use >> PIE in a restricted set of binaries. >> >> I would like to see these as an option but I don't think it should ever >> be made the default. Yes, I am aware these patches don't turn anything >> by default but I (and probably others) am suspecting such a switch may >> be thrown upon us without much discussion. >> >> >>> There has to be a way to call out what works and what doesn't work and >>> form a transition from a world with no ASLR to one with some ASLR and >>> eventually one with almost entirely ASLR coverage. I'm not sure it can >>> be done in one fell swoop. Hooks like this in -current allow for this >>> to be done as a group effort. >>> >>> It would be very unlikely that we retain the semantics all the way until >>> a -stable release. >>> >> >> I am not (yet) criticizing the patches to the build system as I want to >> preserve my innocence ;) ... but perhaps if the semantics are not >> finalized this should be done in a branch. It is my opinion that in >> general we are not using SVN branches as much as we should. >> >> Pedro. >> >> For reference: >> >> [1] http://youtu.be/dkZ9zdSRQYM > > Yes there are performance implications. No, the default of PIE and ASLR > won't be done without discussion. > Sounds fair enough for me, thanks! For the record, despite my general disagreement around making it default, I do appreciate the enthusiasm with which Shawn and Oliver are taking these security enhancement projects and Bryan's willingness to wear the asbestos pants here. Pedro.