Date: Mon, 05 Oct 2009 10:48:37 -0400 From: Mike Tancsa <mike@sentex.net> To: Andre Albsmeier <Andre.Albsmeier@siemens.com>, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: jhell <jhell@DataIX.net>, stable@freebsd.org, Andre Albsmeier <Andre.Albsmeier@siemens.com> Subject: Re: security.bsd.map_at_zero=0 problem with samba33 (including solution) Message-ID: <200910051448.n95EmVcd025214@lava.sentex.ca> In-Reply-To: <20091004164756.GA6021@curry.mchp.siemens.de> References: <20091003184220.GA2620@curry.mchp.siemens.de> <alpine.BSF.2.00.0910031624080.28602@dimension.5p.local> <20091003212308.GA3122@curry.mchp.siemens.de> <20091003215821.V26486@maildrop.int.zabbadoz.net> <20091004164756.GA6021@curry.mchp.siemens.de>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:47 PM 10/4/2009, Andre Albsmeier wrote:
>On Sat, 03-Oct-2009 at 22:27:39 +0000, Bjoern A. Zeeb wrote:
> > On Sat, 3 Oct 2009, Andre Albsmeier wrote:
> >
> > Hi,
> >
> > > On Sat, 03-Oct-2009 at 16:27:32 -0400, jhell wrote:
> > >> On Sat, 3 Oct 2009 14:42 -0000, Andre.Albsmeier wrote:
> > >>
> > >>> FYI,
> > >>>
> > >>> after setting security.bsd.map_at_zero to 0 on 7.2-STABLE all
> > >>> samba33 programmes did abort() immediately after start. The
> > >>> solution was to use
> > >>>
> > >>> CONFIGURE_ARGS+= --disable-pie
> > >>>
> > >>> -Andre
> > >>>
> > >>
> > >> To add an additional note samba33 even when not running (not
> enabled by a rcvar)
> > >> also runs a tdbcleanup routine on shutdown and/or start that also does
> > >> abort().
> > >
> > > Yes, every samba programme is linked with -pie per default (so
> > > all abort()).
> >
> >
> > Thanks for reporting the issue. People are aware of the problem now
> > and we'll try to present a solution within the next days for better
> > position-independent executable (PIE) handling.
> >
> > Meanwhile there are multiple solutions for people affected:
> >
> > (1) recompile the port; but as more than just samba might be affected
> > and we generally do not want to flip the pie switch everywhere that's
> > probably only a temporary, private solution.
>
>I'll stick to this since I am happy about having the map_at_zero
>option and want to continue to try it out on 7.2-STABLE. And I
>see now reason why samba has to be linked with -pie (without -pie
>it is also 4% smaller).
Hi,
What are the impacts (if any) of compiling all the ports with PIE
disabled that are effected by setting security.bsd.map_at_zero=0 ?
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910051448.n95EmVcd025214>