Date: Mon, 15 Jul 2024 09:38:05 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 280238] security/crowdsec-firewall-bouncer: not WITH_PIE safe Message-ID: <bug-280238-7788-jso1Ed8RQA@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-280238-7788@https.bugs.freebsd.org/bugzilla/> References: <bug-280238-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D280238 --- Comment #2 from Alexander Leidinger <netchild@FreeBSD.org> --- (In reply to marco from comment #1) PIE_UNSAFE means it is not building when WITH_PIE is set. It is not meant to mean that it is unsafe to run it with PIE, in case this is your concern. The article itself is what I found when googling for PIE and golang, so it = may not be 100% matching, but at least it gives an idea that it is not trivial = to get it working with golang. I stumped upon this because I want to try crowdsec and I compile every port with WITH_PIE (and others) by default. The idea of compiling with PIE is to make ASLR work ( * https://man.freebsd.org/cgi/man.cgi?query=3Dmitigations * https://mropert.github.io/2018/02/02/pic_pie_sanitizers/ ). The problem when compiling the firewall-bouncer with PIE is that a dependen= cy is not compiled with PIE. As I build all ports with PIE and have not excluded any golang port, and the go.mk has some kind of pie support, my first assumption would be that it is something inside the port itself which doesn't inherit the --buildmode=3Dpi= e. I haven't done something with golang at all, so my workaround for my systems = is to add PIE_UNSAFE to the port (via setting it in make.conf for this particu= lar port). I could add the PIE_UNSAFE variable in the port Makefile now, or you could = add it with the next update, or you could have a look why the firewall-bouncer doesn't build correctly when PIE is enabled. Do you have any preference in = this regard or other ideas? Bye, Alexander. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-280238-7788-jso1Ed8RQA>