From owner-freebsd-chromium@FreeBSD.ORG Mon May 5 20:29:07 2014 Return-Path: Delivered-To: freebsd-chromium@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A506F33B for ; Mon, 5 May 2014 20:29:07 +0000 (UTC) Received: from mail-qa0-x22e.google.com (mail-qa0-x22e.google.com [IPv6:2607:f8b0:400d:c00::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 637AC310 for ; Mon, 5 May 2014 20:29:07 +0000 (UTC) Received: by mail-qa0-f46.google.com with SMTP id w8so7545532qac.5 for ; Mon, 05 May 2014 13:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=cX1r471Qfe8l6D0bJsmabZ9y62HtzmMel6bljE23xUA=; b=VBRBcwVOR8J//cG3bcWJU74Pty5sZ2i5ZFBUJh02DkbnB8zZ2P4Ihex8YGu9cY/Vv6 Pcyn7HOLYytXnIyw9cK10bH0xHz0Ea/hxTlrMs/KqqkwWGAZs5v5cMl/Pj5O03402FrJ X3ujM4raw/41QfzK20MDiNDYdbvCsWb0cV/szRPqSmz9AErrbJTPPz3EKIsHbStL6Ehk qqsnh9DTvjUUmLeS/3v/vSxuw/mSOhfHK4Wty6N4HdY3t77hdILLPCCc6Kg1S+J0F3Xf B7zR95+54oUTZasBQQ8QacNOxilQJhtf11ozHwDxualkSLMr/QXsy3V36rRuARXyp8XY HMiA== X-Received: by 10.224.160.142 with SMTP id n14mr49629278qax.17.1399321746253; Mon, 05 May 2014 13:29:06 -0700 (PDT) Received: from pwnie.vrt.sourcefire.com (moist.vrt.sourcefire.com. [198.148.79.134]) by mx.google.com with ESMTPSA id o16sm19060235qax.23.2014.05.05.13.29.03 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 05 May 2014 13:29:03 -0700 (PDT) Date: Mon, 5 May 2014 16:29:01 -0400 From: Shawn Webb To: freebsd-chromium@freebsd.org Subject: Compiling Chromium as a Position-Independent Executable Message-ID: <20140505202901.GA3063@pwnie.vrt.sourcefire.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw" Content-Disposition: inline X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-chromium@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: FreeBSD-specific Chromium issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 May 2014 20:29:07 -0000 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hey All, I'm working with a couple other developers on implementing ASLR on FreeBSD. In order for ASLR to be effective, applications have to compiled as position-independent executables (PIEs). In my ports tree [1], I've added support for doing just that. I'm doing initial testing with applications I frequently use. I've added PIE support to Chromium. I'm actively testing on my main workstation running 11-current/amd64. I noticed two things: 1) The flash plugin doesn't work on 11-current/amd64 with a kernel with ASLR compiled in. 2) HTML5 video and audio don't work when Chromium is compiled as a PIE. I do have the codecs port option turned on. I'm running my own pkgng repo at [2]. If you'd like to give it a whirl, feel free. Just be mindful of my precious VPS bandwidth. Chromium in that repo is compiled as a PIE. Any help would be appreciated. If you need logs or if there's anything I could do to help out, let me know. [1]: https://github.com/HardenedBSD/freebsd-ports [2]: http://amd64.11-current.pkgbuild.0xfeedface.org/ Thanks, Shawn --wac7ysb48OaltWcw Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTZ/SNAAoJEGqEZY9SRW7uB/EP/AvkyfzWqCjTmi+sICVOlAU2 vSdPed3pxwYVmIOvtX7pRTIvZ4kK7R+v6Hkce5vHFs+udypyWvyi56FKFC2/wax8 mguLRNA0LfEkOR6Rx3/bG0hq+n4AgmWdsiHrIA/o4Kwme3ulWZfad0QdU07flMLE dWLqoB7Sv4ovuYM6ghmM3uppuUwemUhI6V1mD6leVQoSndoiSu2BlpCdIq80ppZ0 CLH4BdPdMyFFemX22qsKcQYtZClHbyKA4DALrpse8GxpDQcOyTQIakoubCtH71Il 45oiQ8ihJLREclo1rYsrXUzq8fMaMZswM/9stb0ZXJ3ny1LWZtAamdez3b1diejZ jJ9AzRD3LPpSesd6C8NDRJ7UdNb7nrqJpi8q/E6egD0Xvs9qrThfMFpWK8mt539u NbobSu9Ru1muDcBaTmXqL3lCRi2xZVxchik+6Xmjl0SnZTE3ll9fczZtxZS+a83j /kJgtN4v7BvLtIJvS/4agvY0xbY27xZDI+YoO0AwigFHCLUzVAkNCpdAtih632Ci 7wvRhQE2O1aPec/mmqltR/djoLb6PLSKF0PFaU6GdRNH3BXTCu5E3CsJMa5ds5sS HrYdweZv8Dpkyk6+tBze+iJxPghAj7zTUql2v9XZ0hoe+o0WvQMKOZlffX3g00xa gO4Ax7GUQrArDKK3WMdh =ticc -----END PGP SIGNATURE----- --wac7ysb48OaltWcw--