From nobody Sun Jan 23 10:36:29 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 339C41981444 for ; Sun, 23 Jan 2022 10:36:44 +0000 (UTC) (envelope-from mw@semihalf.com) Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JhV0W3LTBz4gH0 for ; Sun, 23 Jan 2022 10:36:43 +0000 (UTC) (envelope-from mw@semihalf.com) Received: by mail-lf1-x136.google.com with SMTP id a28so13221951lfl.7 for ; Sun, 23 Jan 2022 02:36:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=semihalf-com.20210112.gappssmtp.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=HOnQHSQ+7K62O3Q1wNsrJybIA3AsPYRcy56OpiukEl8=; b=zAEQrWKr/pbMU9UR3sncZ6Zcvv0TYRVpHnqATYKxDevW/8mQsj1kpceqWch6g7EbDE iM/wO4cwRf5tElvOX3eggibEdtMk57mE0jiB+T34qIO3ifPahjIo6khoVOIWlagTPb/L IUJIsukHi5rDKkTWjpZgvIw0FUVIVdx0V02AkiXugvJQFIDm/WKtvXS57FZsLeEirms8 SmQ7ikdTP+7Vr65I1LKpmQc7bbxaKe3eNpu34cmZ79fX5LgUZP7MOx5lUNOV25y1Zsnu eFBmjYBUj0U2xNaZjkcYui1NWsq9nx1Ej40IvVA3HLB6nBSwQ4dx2rwQNhIhQPVUwYi3 OsMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=HOnQHSQ+7K62O3Q1wNsrJybIA3AsPYRcy56OpiukEl8=; b=ibipGp8GeQw/6686UqsA/Bfwx/n2OqOYmE48LvykOZFR247Tn1AbyLY5GqKRH2uSt6 IxvQ3x05qvX3c98hPQd2bYtkx6/OM/ArrwM+zMTR8L9DUZPOX9UOXQkC6aBi+UTV+PSc saSY20WKFWD8EVOBQXw4KqLAcStAAm45K3zXs9ZU2klgaVd5X40emHGIgJygs3f/5ISk UEUBG/FCnqUZF8eJae1f/A9UwW4XQLmPEwCwtAIR4q9N435Q+S9GMqYdYs5LqGI6L/nt x8HgCFet7Mro3/TmY67/rFKeI4hBLC8q1BX5J21wlnEnrH7V8OOQSG9KhJIkkSPNta9K loHQ== X-Gm-Message-State: AOAM530/SXFbqNyR2bmfW3uiBdcCjtsppWBnQpPMyrsKFK/wb7zH6/M4 wNAVC+MH1LRyGfBsJlBfjCrMVR4fjB090ItGKUKAubXeGohUJQ== X-Google-Smtp-Source: ABdhPJxRgZsAAOOM1k+FaWFUKAEuhpm8TbuvDALsuoncrDfX5c/Ensi7h9KZ2tE+/G8hlxKt9oCR60u7zVxGB+qpV1s= X-Received: by 2002:a05:6512:108b:: with SMTP id j11mr10041909lfg.428.1642934201460; Sun, 23 Jan 2022 02:36:41 -0800 (PST) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 From: Marcin Wojtas Date: Sun, 23 Jan 2022 11:36:29 +0100 Message-ID: Subject: HEADS-UP: PIE enabled by default on stable/13 To: freebsd-current Content-Type: multipart/alternative; boundary="00000000000077bb5505d63d6d3d" X-Rspamd-Queue-Id: 4JhV0W3LTBz4gH0 X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=semihalf-com.20210112.gappssmtp.com header.s=20210112 header.b=zAEQrWKr; dmarc=none; spf=none (mx1.freebsd.org: domain of mw@semihalf.com has no SPF policy when checking 2a00:1450:4864:20::136) smtp.mailfrom=mw@semihalf.com X-Spamd-Result: default: False [2.70 / 15.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[semihalf-com.20210112.gappssmtp.com:s=20210112]; FREEFALL_USER(0.00)[mw]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(1.00)[0.995]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[semihalf.com]; NEURAL_SPAM_MEDIUM(1.00)[1.000]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[semihalf-com.20210112.gappssmtp.com:+]; NEURAL_SPAM_LONG(1.00)[1.000]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::136:from]; MLMMJ_DEST(0.00)[freebsd-current]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-ThisMailContainsUnwantedMimeParts: N --00000000000077bb5505d63d6d3d Content-Type: text/plain; charset="UTF-8" Hi, As of 396e9f259d962 the base system binaries are now built as position-independent executable (PIE) by default, for 64-bit architectures. Thanks to that enabling ASLR can be done simply by sysctls knobs when booting the kernel. If you track stable/13 and normally build WITHOUT_CLEAN you'll need to do one initial clean build -- either run `make cleanworld` or set WITH_CLEAN=yes. The change is a pure MFC of the changes integrated to -CURRENT early 2021 and no issues are expected, but in case any problems are observed, please issue a PR and/or let me know in this thread. Best regards, Marcin --00000000000077bb5505d63d6d3d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

As of=C2=A0396e9f259d962 the base s= ystem binaries are now built as position-independent executable (PIE) by de= fault, for 64-bit architectures. Thanks to that enabling ASLR can be done s= imply
by sysctls knobs when booting the kernel.

If you track stable/13 and normally build WITHOUT_CLEAN you'll ne= ed to do one initial clean build -- either run `make cleanworld` or set WIT= H_CLEAN=3Dyes.

The change is a pure MFC of the= changes integrated to -CURRENT early 2021 and no issues are expected, but = in case any problems are observed, please issue a PR and/or let me know in = this thread.

Best regards,
Marcin<= /div>
--00000000000077bb5505d63d6d3d--