From owner-freebsd-arch@FreeBSD.ORG Mon Oct 13 22:02:35 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C10C3C3F for ; Mon, 13 Oct 2014 22:02:35 +0000 (UTC) Received: from mail-la0-f45.google.com (mail-la0-f45.google.com [209.85.215.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4B1707BD for ; Mon, 13 Oct 2014 22:02:34 +0000 (UTC) Received: by mail-la0-f45.google.com with SMTP id q1so7451838lam.32 for ; Mon, 13 Oct 2014 15:02:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=9twvnwbKwvC61L+h8TRbjP2NqKDGkKl9Navlg56HZrU=; b=W4fA6oWdKTQuMCtHnOX1MKsJirw1TMau7K3xUkFgX/A6qD8OO9N9Q+Sy4EPe2DuiG6 rgw4/QT7gvgCZZbB01spiwNkYU5jHL1ICVZX+tN05RQlrFHvsyzZYowPpdEA8Fb10uOt AERDuXWedjXiaeSSOIAXpVy7Wp7SyHkUmiItWyJOM2DvSYR3iiTT5Yz+Tdqgt+QmL993 Pd52wJI2dXWlbIpvdUs/ZhGxWwQMaK4OkwEjnQBfPhg8af2KGDyglylAPWJ0Cb4npNs3 V3elk6Wc5B+dm4m4ZoDbeWG99/jB5SNteh5NjSBIesWlIkz1vCjeV9JXb/A2hAesWNiT UCFA== X-Gm-Message-State: ALoCoQmtWw96Im2PblPgrNs1z9jLb86FFRaOQ5PKIjF2Wwqi+R5g0vXY+Ukj6hzSwad2zzJHUjOE MIME-Version: 1.0 X-Received: by 10.112.201.138 with SMTP id ka10mr1344762lbc.20.1413237747203; Mon, 13 Oct 2014 15:02:27 -0700 (PDT) Received: by 10.25.23.85 with HTTP; Mon, 13 Oct 2014 15:02:27 -0700 (PDT) X-Originating-IP: [80.111.192.87] Date: Mon, 13 Oct 2014 23:02:27 +0100 Message-ID: Subject: PIE/PIC support on base From: David Carlier To: freebsd-arch@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2014 22:02:35 -0000 Hi all, HardenedBSD plans to add PIE support on base in various place. These are B. Drewery suggestions : The _pic ones are not needed. The main lib file just needs INSTALL_PIC_ARCHIVE=yes. Modifying CFLAGS in every Makefile is not right, just add a USE_PIE or something to pull in common logic from share/mk. Also I know that, at least for a start, it wished to be applied in some few places, like tcpdump/traceroute, sendmail ... shells ... I thought about also casper/capsicum ... ntp ... jail Kind regards.