Date:      Sun, 30 Jan 2022 15:40:06 +0100
From:      Marcin Wojtas <mw@semihalf.com>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        FreeBSD Current <current@freebsd.org>
Subject:   Re: HEADS-UP: PIE enabled by default on stable/13
Message-ID:  <CAPv3WKd_LQ=swiFQZFzqLSqFnA4Vq1V-Gr7cZ9%2Bc2a2YsOOPyA@mail.gmail.com>
In-Reply-To: <77736438-0211-faf8-926d-2805dd9b40da@plan-b.pwste.edu.pl>
References:  <CAPv3WKeCfHMLXN72sdmZCY03jLG7u79_8=sg0cj3N9rDxsm4nw@mail.gmail.com> <CAPv3WKcSgq-D0dOVQn7AVbKU_TSG0YeotywN-N=M=FpBVCKa2g@mail.gmail.com> <1ec9c802-c8a5-237a-50a3-31885cae917e@plan-b.pwste.edu.pl> <CAPv3WKebAf7e40=mjZZz-tTjAt5AiAkeUVgaxkQa5FBskEWJkg@mail.gmail.com> <77736438-0211-faf8-926d-2805dd9b40da@plan-b.pwste.edu.pl>

Hi,


Mon, 24 Jan 2022 at 20:48 Marek Zarychta
<zarychtam@plan-b.pwste.edu.pl> wrote:
>
> Hello Marcin
> On 24.01.2022 at 19:43, Marcin Wojtas wrote:
> > Hi Marek,
> >
> > Mon, 24 Jan 2022 at 08:17 Marek Zarychta
> > <zarychtam@plan-b.pwste.edu.pl> wrote:
> >>
> >> On 24.01.2022 at 07:42, Marcin Wojtas wrote:
> >>> +freebsd-stable@
> >>>
> >>> Sun, 23 Jan 2022 at 11:36 Marcin Wojtas <mw@semihalf.com> wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> As of 396e9f259d962 the base system binaries are now built as
> >>>> position-independent executable (PIE) by default, for 64-bit
> >>>> architectures. Thanks to that enabling ASLR can be done simply
> >>>> by sysctls knobs when booting the kernel.
> >>>>
> >>>> If you track stable/13 and normally build WITHOUT_CLEAN you'll need
> >>>> to do one initial clean build -- either run `make cleanworld` or set
> >>>> WITH_CLEAN=yes.
> >>>>
> >>>> The change is a pure MFC of the changes integrated to -CURRENT early
> >>>> 2021 and no issues are expected, but in case any problems are observed,
> >>>> please issue a PR and/or let me know in this thread.
> >>>>
> >>>> Best regards,
> >>>> Marcin
> >>>
> >>
> >> Thanks for enabling this. If I understand it correctly we got some
> >> improvements mentioned here[1] and it doesn't imply that ASLR has to be
> >> enabled, especially kern.elf64.aslr.pie_enable can be still set to 0 ?
> >>
> >
> > Currently it still remains opt-in on stable/13 and is disabled by default.
> >
> > Best regards,
> > Marcin
>
> Thanks for the answer. I am not willing to turn ASLR on at this point,
> but rather asking if my world, already built with PIE, will bring any
> other enhancements or improvements?
>

If your world is already built with PIE, the MFC'ed patches should
make no difference at all.

Best regards,
Marcin

> >
> >>
> >> [1] https://www.mail-archive.com/freebsd-current@freebsd.org/msg183605.html
> >>
> >
> With kind regards,
>
> --
> Marek Zarychta
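
One way to check whether a binary in an installed world was built as PIE, the property this thread is about (an added example, not part of the original messages and not FreeBSD project code). It reads the ELF64 header and treats ET_DYN with a PT_INTERP segment as PIE, a heuristic that does not recognise static PIE; the function names and the constructed sample header are assumptions for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def classify_elf64(data: bytes) -> str:
    """Classify a little-endian ELF64 image: 'pie', 'non-pie',
    'shared-object', 'other' or 'not-elf64'."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return "not-elf64"
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_type == ET_EXEC:
        return "non-pie"          # main binary is linked at a fixed load address
    if e_type != ET_DYN:
        return "other"            # relocatable object, core file, ...
    # ET_DYN covers both PIE and shared libraries; a dynamically linked
    # PIE names its run-time linker in a PT_INTERP segment.
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                 # truncated program header table
        (p_type,) = struct.unpack_from("<I", data, off)
        if p_type == PT_INTERP:
            return "pie"
    return "shared-object"

def sample_elf(e_type: int, interp: bool) -> bytes:
    """Constructed 120-byte ELF64 header + one program header (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)   # 64-bit, LE, FreeBSD OSABI
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if interp else 1, 4, 0, 0, 0, 0, 0, 1)
    return ident + ehdr + phdr

if __name__ == "__main__":
    # Usage (script name is arbitrary): python3 check_pie.py /bin/ls /usr/bin/ssh
    for path in sys.argv[1:] or [None]:
        if path is None:
            print("constructed sample:", classify_elf64(sample_elf(ET_DYN, True)))
        else:
            with open(path, "rb") as f:
                print(path, classify_elf64(f.read()))
```

A "pie" result only says the binary can be loaded at a randomized base; whether it is depends on the kern.elf64.aslr.pie_enable setting mentioned above.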


