From owner-freebsd-current@FreeBSD.ORG Sat May 10 20:14:45 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DB048C86 for ; Sat, 10 May 2014 20:14:45 +0000 (UTC) Received: from mail-pa0-f48.google.com (mail-pa0-f48.google.com [209.85.220.48]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AAB9D66B for ; Sat, 10 May 2014 20:14:45 +0000 (UTC) Received: by mail-pa0-f48.google.com with SMTP id rd3so5747938pab.35 for ; Sat, 10 May 2014 13:14:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=XZ3q9/P3P+3xB3hHVmHNTzs/u7tT89va+iH8QDJ3HF8=; b=N8a381oKFby5wbP3ZFJtDGHHEU3bJhfgWUgcQxnfKXCLRyTxKc/Q9sPXChuFni9rVT yBVjBikTbcLPXv2YMk3sRQ/DvdmPar4GLfdYOIn05kjHowzeKe2YvJJ0xnWC8Gc/vmE1 0uv8YYbkLpZ7lnyDOv5l8ffw1dceX9tBhZnoUA5OdnX/CuqLS10EPxDK0dq1Jww4Jtcu HyAdsDHwmpZ5h1TYTt9TgJ36sSima5f5TQtwT7pKesBDyyAn22y99OoJt78DqEAMD6+C s7NBYToPzcVSNpckCLv5geY48USNFtwo0mRii3L2DjWWdUqzqlJP7ZGFSgPqyfIYZ34n l9tQ== X-Gm-Message-State: ALoCoQmVP04cpWmOf35ejn9HNw+Vs8f+qdKHmdLVcXGG7cgfut+4QOhnsHINEi298CgypSAYsY4q X-Received: by 10.66.190.73 with SMTP id go9mr36618935pac.18.1399752879019; Sat, 10 May 2014 13:14:39 -0700 (PDT) Received: from lgwl-achen.corp.netflix.com (dc1-prod.netflix.com. [69.53.236.251]) by mx.google.com with ESMTPSA id ky8sm14287248pbc.64.2014.05.10.13.14.37 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 10 May 2014 13:14:38 -0700 (PDT) Sender: Warner Losh Content-Type: multipart/signed; boundary="Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src From: Warner Losh In-Reply-To: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> Date: Sat, 10 May 2014 14:14:36 -0600 Message-Id: <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com> References: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> To: Shawn Webb X-Mailer: Apple Mail (2.1874) Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 May 2014 20:14:45 -0000 --Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On May 10, 2014, at 10:45 AM, Shawn Webb wrote: > Hey All, >=20 > It seems that the recent changes to the makefiles for building > world/kernel have broken some modifications I have locally for > implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd > ask for a bit of help. I'm sure the solution is quite simple. >=20 > My code is up on GitHub. I'll include links at the bottom of the = email. >=20 > The code in question is in share/mk/bsd.prog.mk, where I'm checking to > see if MK_PIE is not equal to "no". Prior to the recent changes, this > code used to work. (Please note that I know that the way I'm cheking = is > a bit bloated, if anyone has any suggestions to trim my code down, let > me know). You=92ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since bsd.*.mk files need it. > How this feature is supposed to work is: > 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building > applications as position-independent executables opt-in. > 2) User adds WITH_PIE=3D1 to /etc/src.conf or /etc/make.conf > 3) The application being built needs to also specify CAN_PIE=3D1 in = its > Makefile. This is because some applications don't support being built = as > a position-independent executable. > 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional > CFLAGS. >=20 > The log from my build is here: http://ix.io/cf0 >=20 > My code is here: > = https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/shar= e/mk/bsd.prog.mk#L14-L22 Maybe RESCUE should define NO_SHARED=3Dyes since it is building a static binary so you can eliminate a special case that infects the = bsd.*.mk files with defines from our src build? Hate that you are propagating the NO_SHARED=3Dno interface, but can=92t offer at better suggestion at the moment. I=92d kinda like to kill that=85= Warner > Thanks, >=20 > Shawn > CC: imp@bsdimp.com --Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJTboisAAoJEGwc0Sh9sBEAsk8P/igEMLql3tKEB8Wtbx6uC9oK 1F6vENnehiiN4X7//xt5CQurglV6yNZsWVMgbyc/ux5FDTVA/HSw9bTbl8qNjkwB oyA3gNzoRl4M/aBwSGGKb6HH5Ktd79mwMCdvRFuCI4umKCH1CzJYcfu+noNd4GH7 tIHs0ocqBmOBzUZyf6CZzr6SeZhqfTaCJ4rcXXq06hnYAzZFxX9n5UONGdDGRpaD /p0VWOIyP9pLqFPC95KN0gkwcocfPl5ItziwDL2P9PrGtPOEZMAA6wCz34cNYIVB 3eK7qhNEt2txQxNgrnKEm9xxfVXw1Kl4vFyMh6pRFqJIsLOYDlHs19lFSQcSEQWI iJAlSvfx2OektzHXgzhYyl3P+XRJEs6kPdlMq7JHE/JgqegDAmK/Z0WBboThoSXE w0ooWPAAlwZAv5x5xqRkQM7L5JYTx2hKc5A2WkiS6zKTGryoSAEtPDNVvVw1X8nB dquz5Mh2eby0V/gALs2pZUnSOibOglyjBtWTPucNF22GdjAHjhgy1k8/qN8Mexkl 2uK0pcCaPes5LxTAyoC4oEUGFrvhG09n6Ru7FhZjiYGtgTtR3ydPKinB/8se/FYv ZGgN/j3oKH4Wg58GHd6iJ1bvmdTb/pT4qV+U88oKPwxA+WF/pWylrTl9j6nGS1uJ gv3SBZX0BtYggxmMvg2R =Vgwi -----END PGP SIGNATURE----- --Apple-Mail=_8B69A79B-612B-4831-8E88-03BC25470A54--