Date: Fri, 17 Oct 2014 00:12:47 +0200 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Jeremie Le Hen <jlh@FreeBSD.org> Cc: David Carlier <david.carlier@hardenedbsd.org>, freebsd-arch@freebsd.org Subject: Re: PIE/PIC support on base Message-ID: <20141016221247.GB37244@ivaldir.etoilebsd.net> In-Reply-To: <CAGSa5y2=bKpaeLO_S5W%2B1YGq02WMgCZn_5bbEMw%2Bx3j-MYDOoA@mail.gmail.com> References: <CAMe1fxaYn%2BJaKzGXx%2Bywv8F0mKDo72g=W23KUWOKZzpm8wX4Tg@mail.gmail.com> <CAGSa5y3s9r0DRyinfqV=PJc_BT=Em-SLfwhD25nP0=6ki9pHWw@mail.gmail.com> <CAMe1fxaBEc5T77xjpRsMi_kkc5LXwPGooLWTO9C1FJcLSPnO8w@mail.gmail.com> <CAGSa5y2=bKpaeLO_S5W%2B1YGq02WMgCZn_5bbEMw%2Bx3j-MYDOoA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Oct 16, 2014 at 11:59:52PM +0200, Jeremie Le Hen wrote: > On Thu, Oct 16, 2014 at 8:21 PM, David Carlier > <david.carlier@hardenedbsd.org> wrote: > > > > I chose the "atomic" approach, at the moment very few binaries are > > concerned at the moment. So I applied INCLUDE_PIC_ARCHIVE in the needed > > libraries plus created WITH_PIE which add fPIE/fpie -pie flags only if you > > include <bsd.prog.pie.mk> (which include <bsd.prog.mk>...) otherwise other > > binaries include <bsd.prog.mk> as usual hence does not apply. Look > > reasonable approach ? I would more like the USE_PIE=yes approach (Warner would have a better view on the proper approach :)) and make bsd.prog.mk aware of it. > > I think I understand what you mean. But I think PIE is commonplace > nowadays and I don't understand what you win by not enabling it for > the whole system. Is it a performance concern? Is it to preserve > conservative minds from to much change? :) > I have not seen any operating system where PIE is enabled by default on every single binaries, and yes PIE has a performance inpact. It also have an infrastructue cost meaning we have to create PIC enabled archive for at least every single INTERNALLIB and cherrypick the right .a depending on the target we are building (static binaries or dynamic one). regards, Bapt [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlRAQt8ACgkQ8kTtMUmk6EzeeACfYnKGA/aG1YhGwGhESPfGfjy8 +WMAoLEY9hVPXUdj1XRH+I0oaszuvwXS =vop5 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141016221247.GB37244>