From owner-freebsd-arch@FreeBSD.ORG  Thu Oct 16 22:12:54 2014
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 9B0F9EEB;
 Thu, 16 Oct 2014 22:12:54 +0000 (UTC)
Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com
 [IPv6:2a00:1450:4010:c04::234])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E3787919;
 Thu, 16 Oct 2014 22:12:53 +0000 (UTC)
Received: by mail-lb0-f180.google.com with SMTP id n15so3642652lbi.11
 for <multiple recipients>; Thu, 16 Oct 2014 15:12:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=JP2Xx+XBRiaIVEIsPugrOYyzWwZ/GYrWHOfk/JUuOLk=;
 b=lVTyqwTNaDlNV5QzI+ulaWBOgQoJlj6SINMqTb4AcV7eQ4yvUbV8dulc4xNFEaln3D
 5E8Wa5Fr9O1I7X7iywncOuypo3EhWD+y1UvUbN+hfKqigYLUusysXNS6xr48OEWiDUpe
 33iaaZvSsFyIVA0+vFgy/yia7nuCZOusDYyVabPMQDJgx1KdQRpoRPHMj+z6b47KmBP2
 EdkDelWu0i+Ry91E8h+AUd1eMduhIArTVOg5HUh2SZODBrA/npM9DyJs6FXHMfnblxyT
 g1xpf/f1pwvBBvUkUjMZo2uEyDs1bXbtv4iigl0gfCUefIzmv4VQ3QvuG+z3Gj19NPV/
 VzoQ==
X-Received: by 10.112.169.66 with SMTP id ac2mr4525326lbc.73.1413497571756;
 Thu, 16 Oct 2014 15:12:51 -0700 (PDT)
Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1])
 by mx.google.com with ESMTPSA id oh4sm8172495lbc.19.2014.10.16.15.12.49
 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 16 Oct 2014 15:12:50 -0700 (PDT)
Sender: Baptiste Daroussin <baptiste.daroussin@gmail.com>
Date: Fri, 17 Oct 2014 00:12:47 +0200
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: Jeremie Le Hen <jlh@FreeBSD.org>
Subject: Re: PIE/PIC support on base
Message-ID: <20141016221247.GB37244@ivaldir.etoilebsd.net>
References: <CAMe1fxaYn+JaKzGXx+ywv8F0mKDo72g=W23KUWOKZzpm8wX4Tg@mail.gmail.com>
 <CAGSa5y3s9r0DRyinfqV=PJc_BT=Em-SLfwhD25nP0=6ki9pHWw@mail.gmail.com>
 <CAMe1fxaBEc5T77xjpRsMi_kkc5LXwPGooLWTO9C1FJcLSPnO8w@mail.gmail.com>
 <CAGSa5y2=bKpaeLO_S5W+1YGq02WMgCZn_5bbEMw+x3j-MYDOoA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="4bRzO86E/ozDv8r1"
Content-Disposition: inline
In-Reply-To: <CAGSa5y2=bKpaeLO_S5W+1YGq02WMgCZn_5bbEMw+x3j-MYDOoA@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: David Carlier <david.carlier@hardenedbsd.org>, freebsd-arch@freebsd.org
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch/>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
 <mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 22:12:54 -0000


--4bRzO86E/ozDv8r1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 16, 2014 at 11:59:52PM +0200, Jeremie Le Hen wrote:
> On Thu, Oct 16, 2014 at 8:21 PM, David Carlier
> <david.carlier@hardenedbsd.org> wrote:
> >
> > I chose the "atomic" approach, at the moment very few binaries are
> > concerned at the moment. So I applied INCLUDE_PIC_ARCHIVE in the needed
> > libraries plus created WITH_PIE which add fPIE/fpie -pie flags only if =
you
> > include <bsd.prog.pie.mk> (which include <bsd.prog.mk>...) otherwise ot=
her
> > binaries include <bsd.prog.mk> as usual hence does not apply. Look
> > reasonable approach ?

I would more like the USE_PIE=3Dyes approach (Warner would have a better vi=
ew on
the proper approach :)) and make bsd.prog.mk aware of it.
>=20
> I think I understand what you mean.  But I think PIE is commonplace
> nowadays and I don't understand what you win by not enabling it for
> the whole system.  Is it a performance concern?  Is it to preserve
> conservative minds from to much change? :)
>=20

I have not seen any operating system where PIE is enabled by default on eve=
ry
single binaries, and yes PIE has a performance inpact.

It also have an infrastructue cost meaning we have to create PIC enabled ar=
chive
for at least every single INTERNALLIB and cherrypick the right .a depending=
 on
the target we are building (static binaries or dynamic one).

regards,
Bapt

--4bRzO86E/ozDv8r1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlRAQt8ACgkQ8kTtMUmk6EzeeACfYnKGA/aG1YhGwGhESPfGfjy8
+WMAoLEY9hVPXUdj1XRH+I0oaszuvwXS
=vop5
-----END PGP SIGNATURE-----

--4bRzO86E/ozDv8r1--