From owner-freebsd-current@FreeBSD.ORG Sat May 10 21:30:05 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 92C1FB8C for ; Sat, 10 May 2014 21:30:05 +0000 (UTC) Received: from mail-pd0-f171.google.com (mail-pd0-f171.google.com [209.85.192.171]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 60E1AC2C for ; Sat, 10 May 2014 21:30:04 +0000 (UTC) Received: by mail-pd0-f171.google.com with SMTP id r10so5091541pdi.30 for ; Sat, 10 May 2014 14:29:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=NBHUPqqW/aUUn76yqP0Pt6FKMA6EZiT4te2nxvVmQ40=; b=MgXz5pEGiaDc8TdzCIZ5SeaN2r6MJehJ9UzWNUE/yjnOKiavt3O/sJbwrSU/xogKd/ ltsTIEdOczpJpLa2m8Z6hsbZ4a+gojHEcUf5Lu1DFwHqkwwctMm3/itddTALcGQpnfC1 x3aZs94B/agp82CREOX1noayNLeOoRK8hNHnGlfZ9xMeeXAz1k9m5xHPrwm4yrXnucFh tmC9mydRXgNCh7ceBZUOtfC6czn/ZURcW1S/4djZ84jCfb/j2wNmpBeccWyqsb26fPah 3Dffo0f8k0KmLA4Sed5E9x2SgRYgSOEvvoACpnYTlFvffGHFQmJSQkjFOcQvDiaiWAa1 /RyQ== X-Gm-Message-State: ALoCoQk1w1+bpI5eXwWGLOtZtDeCkOn/gvnom89QC3kD7+PJkgUdlFvH1TyExp/SSSJIiXCkhaVl X-Received: by 10.66.156.34 with SMTP id wb2mr29617536pab.83.1399757397853; Sat, 10 May 2014 14:29:57 -0700 (PDT) Received: from lgwl-achen.corp.netflix.com (dc1-prod.netflix.com. [69.53.236.251]) by mx.google.com with ESMTPSA id xx4sm14485310pbb.51.2014.05.10.14.29.56 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 10 May 2014 14:29:56 -0700 (PDT) Sender: Warner Losh Content-Type: multipart/signed; boundary="Apple-Mail=_67AD0C05-EB58-4BE1-9061-C292B791F3F1"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\)) Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src From: Warner Losh In-Reply-To: <20140510212531.GT3063@pwnie.vrt.sourcefire.com> Date: Sat, 10 May 2014 15:29:53 -0600 Message-Id: References: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com> <20140510212531.GT3063@pwnie.vrt.sourcefire.com> To: Shawn Webb X-Mailer: Apple Mail (2.1874) Cc: freebsd-current@freebsd.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 May 2014 21:30:05 -0000 --Apple-Mail=_67AD0C05-EB58-4BE1-9061-C292B791F3F1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On May 10, 2014, at 3:25 PM, Shawn Webb wrote: > On May 10, 2014 02:14 PM -0600, Warner Losh wrote: >>=20 >> On May 10, 2014, at 10:45 AM, Shawn Webb wrote: >>=20 >>> Hey All, >>>=20 >>> It seems that the recent changes to the makefiles for building >>> world/kernel have broken some modifications I have locally for >>> implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought = I'd >>> ask for a bit of help. I'm sure the solution is quite simple. >>>=20 >>> My code is up on GitHub. I'll include links at the bottom of the = email. >>>=20 >>> The code in question is in share/mk/bsd.prog.mk, where I'm checking = to >>> see if MK_PIE is not equal to "no". Prior to the recent changes, = this >>> code used to work. (Please note that I know that the way I'm cheking = is >>> a bit bloated, if anyone has any suggestions to trim my code down, = let >>> me know). >>=20 >> You?ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since >> bsd.*.mk files need it. >>=20 >=20 > Thanks a lot! Adding it to that one worked. >=20 > But what's the difference between the DEFAULT_NO_OPTIONS in = src.opts.mk and > bsd.opts.mk? Options to build FreeBSD=92s /usr/src are defined in src.opts.mk. = Options tested by bsd.*.mk, which can be used to build other things, are = in bsd.opts.mk.=20 >>> How this feature is supposed to work is: >>> 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building >>> applications as position-independent executables opt-in. >>> 2) User adds WITH_PIE=3D1 to /etc/src.conf or /etc/make.conf >>> 3) The application being built needs to also specify CAN_PIE=3D1 in = its >>> Makefile. This is because some applications don't support being = built as >>> a position-independent executable. >>> 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional >>> CFLAGS. >>>=20 >>> The log from my build is here: http://ix.io/cf0 >>>=20 >>> My code is here: >>> = https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/shar= e/mk/bsd.prog.mk#L14-L22 >>=20 >> Maybe RESCUE should define NO_SHARED=3Dyes since it is building a >> static binary so you can eliminate a special case that infects the = bsd.*.mk files >> with defines from our src build? >>=20 >=20 > That sounds like a good idea. Since that's outside the scope of my = ASLR > work, should I file a PR for that? Nah, mostly a poke at a 20 year old mistake :) >> Hate that you are propagating the NO_SHARED=3Dno interface, but can?t >> offer at better suggestion at the moment. I?d kinda like to kill = that? >=20 > In looking at the Makefiles, it seems like NO_*/YES_* is being phased > out. Once a suitable alternative to NO_SHARED is in place, I'll make > adjustments on my end. Yea, NO_SHARED likely is going to be the last to die :) NO_FOO used to = be both a Makefile command and a user option. I=92m eliminating the = latter, although some of the former may live on. Warner --Apple-Mail=_67AD0C05-EB58-4BE1-9061-C292B791F3F1 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJTbppSAAoJEGwc0Sh9sBEAoyoQAJn9yoFuxuJMWon/MF77le+/ UVSXGs++45iocY6GupqW3dPqSYNQvJlw1Yh2eRcErc0DfEzME7QfhPpgqW41Vb5m Zp2eduJUA4NgfolvbeCp/wtQeUsC9tWWUl2CxwfaFnYxAsmYOaEGAK55jQ6y9zzi v6BgTFlLcH2F+lTquPPyQ8+rPUKneOoAzZCqKyjZiplP3CQRekYM46yWcLhB8S+e JLbbB2lSc440VZ7UNc3GVa9UnoQVpueQaGzIQSKUamf7qMayArwLfm41MnahRXur X4aKiUmU6QBhrfdPzen61f6e0oE1ny7KKdXPRZtTMRMliUISWuZC6NNcTrqzxA+X FaKtRHpUa3VEMgdAlnzmZnsOM5rVYqRINEqGjo0GdS5vFyAjm2/A5hQPk8uzc7ec k9c1cu7QZcp4ApUs4PUy/i6c2RmgAEJOmI4WF0/9IO2+XxSjGVIykKiBIKlodRoM ECeiNqWHNYN7fx8rn5iT9qwTDMdMmEktFz+zT4kT5lmiN9Mi1uq1IPnOm0gFD+1v UFnhixPDNCF4b8gXOXJb2lbDcghyqJjwBIQf40r7JPE11ImrSPJ85e5AhOdHCPx/ YxTmOGetXh66Gy1n3ADiQk1gtxnZj0pkezgaViswQjHriKkrN1JiLuHeSSftXmze zaFgHIjFqhc2fwmPZSgl =YITc -----END PGP SIGNATURE----- --Apple-Mail=_67AD0C05-EB58-4BE1-9061-C292B791F3F1--