From owner-freebsd-arch@FreeBSD.ORG Thu Oct 16 22:12:54 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9B0F9EEB; Thu, 16 Oct 2014 22:12:54 +0000 (UTC) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E3787919; Thu, 16 Oct 2014 22:12:53 +0000 (UTC) Received: by mail-lb0-f180.google.com with SMTP id n15so3642652lbi.11 for ; Thu, 16 Oct 2014 15:12:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=JP2Xx+XBRiaIVEIsPugrOYyzWwZ/GYrWHOfk/JUuOLk=; b=lVTyqwTNaDlNV5QzI+ulaWBOgQoJlj6SINMqTb4AcV7eQ4yvUbV8dulc4xNFEaln3D 5E8Wa5Fr9O1I7X7iywncOuypo3EhWD+y1UvUbN+hfKqigYLUusysXNS6xr48OEWiDUpe 33iaaZvSsFyIVA0+vFgy/yia7nuCZOusDYyVabPMQDJgx1KdQRpoRPHMj+z6b47KmBP2 EdkDelWu0i+Ry91E8h+AUd1eMduhIArTVOg5HUh2SZODBrA/npM9DyJs6FXHMfnblxyT g1xpf/f1pwvBBvUkUjMZo2uEyDs1bXbtv4iigl0gfCUefIzmv4VQ3QvuG+z3Gj19NPV/ VzoQ== X-Received: by 10.112.169.66 with SMTP id ac2mr4525326lbc.73.1413497571756; Thu, 16 Oct 2014 15:12:51 -0700 (PDT) Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1]) by mx.google.com with ESMTPSA id oh4sm8172495lbc.19.2014.10.16.15.12.49 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Oct 2014 15:12:50 -0700 (PDT) Sender: Baptiste Daroussin Date: Fri, 17 Oct 2014 00:12:47 +0200 From: Baptiste Daroussin To: Jeremie Le Hen Subject: Re: PIE/PIC support on base Message-ID: <20141016221247.GB37244@ivaldir.etoilebsd.net> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4bRzO86E/ozDv8r1" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) Cc: David Carlier , freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Oct 2014 22:12:54 -0000 --4bRzO86E/ozDv8r1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Oct 16, 2014 at 11:59:52PM +0200, Jeremie Le Hen wrote: > On Thu, Oct 16, 2014 at 8:21 PM, David Carlier > wrote: > > > > I chose the "atomic" approach, at the moment very few binaries are > > concerned at the moment. So I applied INCLUDE_PIC_ARCHIVE in the needed > > libraries plus created WITH_PIE which add fPIE/fpie -pie flags only if = you > > include (which include ...) otherwise ot= her > > binaries include as usual hence does not apply. Look > > reasonable approach ? I would more like the USE_PIE=3Dyes approach (Warner would have a better vi= ew on the proper approach :)) and make bsd.prog.mk aware of it. >=20 > I think I understand what you mean. But I think PIE is commonplace > nowadays and I don't understand what you win by not enabling it for > the whole system. Is it a performance concern? Is it to preserve > conservative minds from to much change? :) >=20 I have not seen any operating system where PIE is enabled by default on eve= ry single binaries, and yes PIE has a performance inpact. It also have an infrastructue cost meaning we have to create PIC enabled ar= chive for at least every single INTERNALLIB and cherrypick the right .a depending= on the target we are building (static binaries or dynamic one). regards, Bapt --4bRzO86E/ozDv8r1 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlRAQt8ACgkQ8kTtMUmk6EzeeACfYnKGA/aG1YhGwGhESPfGfjy8 +WMAoLEY9hVPXUdj1XRH+I0oaszuvwXS =vop5 -----END PGP SIGNATURE----- --4bRzO86E/ozDv8r1--