Date: Fri, 26 Feb 2021 20:57:55 +0200 From: Konstantin Belousov <kostikbel@gmail.com> To: Gordon Bergling <gbe@freebsd.org> Cc: Ed Maste <emaste@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: HEADS-UP: PIE enabled by default on main Message-ID: <YDlEs6tA9e9VJJ0C@kib.kiev.ua> In-Reply-To: <YDk/G50NWjeoia33@lion.0xfce3.net> References: <CAPyFy2CyxG=Bj8T22ixW3=E3dv6mPoZRwJ_VSN%2BTwky95rUYYw@mail.gmail.com> <YDk/G50NWjeoia33@lion.0xfce3.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 26, 2021 at 07:34:03PM +0100, Gordon Bergling wrote: > On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote: > > As of 9a227a2fd642 (main-n245052) base system binaries are now built > > as position-independent executable (PIE) by default, for 64-bit > > architectures. PIE executables are used in conjunction with address > > randomization as a mitigation for certain types of security > > vulnerabilities. > > > > If you track -CURRENT and normally build WITHOUT_CLEAN you'll need to > > do one initial clean build -- either run `make cleanworld` or set > > WITH_CLEAN=yes. > > > > No significant user-facing changes are expected from this change, but > > there are some minor ones. For example, `file` will indicate that > > binaries are PIE by reporting something like `ELF 64-bit LSB pie > > executable` rather than `ELF 64-bit LSB executable`. Also, for most > > workloads no notable performance impact is expected. > > > > For almost all ports this should result in no change. There are a > > small number of ports that use base system /usr/share/mk > > infrastructure and thus inherit the base system default, and some of > > those initially failed to build. Those found during an exp-run in > > PR253275 have been addressed or have patches waiting. > > > > Please watch out for any new issues after you next update the base > > system and/or ports, and report issues via a Bugzilla PR or in reply > > here. > > Thats a huge step forward in terms on security. Can you explain why? Thanks. > Thanks for the efforts and anyone involved. > > --Gordon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YDlEs6tA9e9VJJ0C>