From owner-freebsd-current@FreeBSD.ORG Sat May 10 16:45:16 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E968DBBA for ; Sat, 10 May 2014 16:45:15 +0000 (UTC) Received: from mail-qg0-x229.google.com (mail-qg0-x229.google.com [IPv6:2607:f8b0:400d:c04::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A7D5E2D0 for ; Sat, 10 May 2014 16:45:15 +0000 (UTC) Received: by mail-qg0-f41.google.com with SMTP id j5so5924504qga.0 for ; Sat, 10 May 2014 09:45:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; bh=kh4yoV1p9+9Phxz21OKNmGWYEG/v6Yha4PwPJ/kKE9Y=; b=PKliG7yDzkt1iV7X3DqJWMT3q153m2hVM6wGHyu7FLqt7kFZK8GeczHa+yQHpC9kD4 gVdgg9POzq+18sJqu3DQRCKXpl2zpiUoOD/AmwDQn99JC1uLLmL2vdD/ACYngOMX7Hpn JPeWMGQk25j58uezeXOlzRK7HjChx7vLI0yVcp7aikfDkZW5xKCdFN1BdAowiLyAQBPs Ne6C4rakGQphHOOY+DiJklGrvpWcmbYZwEw9CxjNdcQ+GKGYrBT6MjzMqC6XFO8bgRFs Sk7Qu1aWgcv21QwAjauz1ttp63atobNdbf4EX5KmFImlL3m5GCDbQSoZxAUQEqWyBZFp Xswg== X-Received: by 10.224.119.131 with SMTP id z3mr24140046qaq.91.1399740314726; Sat, 10 May 2014 09:45:14 -0700 (PDT) Received: from pwnie.vrt.sourcefire.com (moist.vrt.sourcefire.com. [198.148.79.134]) by mx.google.com with ESMTPSA id l3sm12360121qao.33.2014.05.10.09.45.13 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 10 May 2014 09:45:14 -0700 (PDT) Date: Sat, 10 May 2014 12:45:12 -0400 From: Shawn Webb To: freebsd-current@freebsd.org Subject: Recent Changes to WITH_*/WITHOUT_* in src Message-ID: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6k8oSBQUGGHRSAt9" Content-Disposition: inline X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.23 (2014-03-12) Cc: imp@bsdimp.com X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 May 2014 16:45:16 -0000 --6k8oSBQUGGHRSAt9 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hey All, It seems that the recent changes to the makefiles for building world/kernel have broken some modifications I have locally for implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd ask for a bit of help. I'm sure the solution is quite simple. My code is up on GitHub. I'll include links at the bottom of the email. The code in question is in share/mk/bsd.prog.mk, where I'm checking to see if MK_PIE is not equal to "no". Prior to the recent changes, this code used to work. (Please note that I know that the way I'm cheking is a bit bloated, if anyone has any suggestions to trim my code down, let me know). How this feature is supposed to work is: 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building applications as position-independent executables opt-in. 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf 3) The application being built needs to also specify CAN_PIE=1 in its Makefile. This is because some applications don't support being built as a position-independent executable. 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional CFLAGS. The log from my build is here: http://ix.io/cf0 My code is here: https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22 Thanks, Shawn CC: imp@bsdimp.com --6k8oSBQUGGHRSAt9 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTbleXAAoJEGqEZY9SRW7u/IwP/jCG8v1f1av5nxqcHU0S2xKE lG7goSmbTs3mk3Lf3a6dEzP2n5QO0i4LISmniPS6nI43P2NyaPiyeQhGrCxjyYGF ot3bYXnu5W4RU2steh2ArTfx4py5YMNbacSLizvS8bukf9JXgK83Zl3kzDfFLzAH j3lfGHquPCExfFBPq/7WS1nCQCCgGkalFExrv9ejAq24j3uSGUjIEfhc6fjSDnOV WQRQ/iVnZcvpGMWl2ij5a+7kTCmDy6m/NON9CNdtr18zre7xf0LDyWQ64mhjmMoC ckaErRqlKmI3zgxK14LCujV6fI7aQqUg4klbC879ftpdeZOAVxiyqn5xsU3WFH9a QYBwdXsmo732OvY5J2pxNC+D9BcOv3yStMtTZ+05LeORetCcQ1hBKi91HpV92xIq Uw9lZiJXq+Cf2yRIgjM+YQXB/FJNwUk6JYBdMfLF35N269BWzWVB5TFk480Vswms BTfdKdSqhFTkNmqXBEMyVq8JlPsrflE0H1AF70zvUvgNeN4VfQJqrbtF/wmoPC2y WJ/v1Odd8mchGgYG33SKFkgiWiI2co0aEIhYaWe96iJoqzOAEpAPmhMv1E3E4VAd QZ/iR0xEIIKlGpLnohqk1k8/pTUCOsE6dk7h1zaxaJxSgtokG7YBrcmjjn++T+NW sp6YbVyon117weuDV5Ab =V7K5 -----END PGP SIGNATURE----- --6k8oSBQUGGHRSAt9--