Date: Sun, 08 Jun 2014 16:39:47 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Pedro Giffuni <pfg@FreeBSD.org>, Alfred Perlstein <bright@mu.org>, Konstantin Belousov <kostikbel@gmail.com> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r267233 - in head: . bin/rmail gnu/usr.bin/binutils/addr2line gnu/usr.bin/binutils/nm gnu/usr.bin/binutils/objcopy gnu/usr.bin/binutils/objdump gnu/usr.bin/binutils/readelf gnu/usr.bin/... Message-ID: <5394D823.60106@FreeBSD.org> In-Reply-To: <5394C3D8.7040800@FreeBSD.org> References: <201406081729.s58HTWkc006213@svn.freebsd.org> <74512A27-DD5F-4D43-BFA1-0AC04E0D08B4@FreeBSD.org> <20140608182728.GX3991@kib.kiev.ua> <5394ABD2.5040009@mu.org> <20140608184451.GZ3991@kib.kiev.ua> <5394B607.1000109@mu.org> <5394C3D8.7040800@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 6/8/2014 3:13 PM, Pedro Giffuni wrote: > Hello; >=20 > El 6/8/2014 2:14 PM, Alfred Perlstein escribi=F3: >> On 6/8/14 11:44 AM, Konstantin Belousov wrote: >>> On Sun, Jun 08, 2014 at 11:30:42AM -0700, Alfred Perlstein wrote: >>>> On 6/8/14 11:27 AM, Konstantin Belousov wrote: >>>>> On Sun, Jun 08, 2014 at 05:38:49PM +0000, Bjoern A. Zeeb wrote: >>>>>> On 08 Jun 2014, at 17:29 , Bryan Drewery <bdrewery@FreeBSD.org> >>>>>> wrote: >>>>>> >>>>>>> Author: bdrewery >>>>>>> Date: Sun Jun 8 17:29:31 2014 >>>>>>> New Revision: 267233 >>>>>>> URL: http://svnweb.freebsd.org/changeset/base/267233 >>>>>>> >>>>>>> Log: >>>>>>> In preparation for ASLR [1] support add WITH_PIE to support >>>>>>> building with -fPIE. >>>>>>> >>>>>>> This is currently an opt-in build flag. Once ASLR support is >>>>>>> ready and stable >>>>>>> it should changed to opt-out and be enabled by default along >>>>>>> with ASLR. >>>>>>> >>>>>>> Each application Makefile uses opt-out to ensure that ASLR wil= l >>>>>>> be enabled by >>>>>>> default in new directories when the system is compiled with >>>>>>> PIE/ASLR. [2] >>>>>>> >>>>>>> Mark known build failures as NO_PIE for now. >>>>>> No, no, no, no more NOs! >>>>>> >>>>>> I?ll leave it to others who understand the current build system in= >>>>>> days when it?s not broken to fix this entire splattering across al= l >>>>>> these Makefiles; we really need a better way for this. >>>>> I have no words to express my dissatisfaction with this commit. >>>>> If change to the build of _some_ usermode binaries require patching= >>>>> of loader', csu and rtld Makefiles, obviously it is done wrong. >>>>> >>>>> Why almost half of the binaries require opt-out ? >>>>> >>>>> PLEASE REVERT THIS. >>>> Wait. Does this not serve as a useful stake in the ground for >>>> people to >>>> come in and update things? Instead of asking to back out, shouldn't= we >>>> be doing an announcement "ok folks, it's now time to fix this!" and >>>> move >>>> forward? Otherwise we may never get any pie. >>> Let me reformulate. >>> >>> Somebody commits broken change, despite it was pointed out by many >>> before the commit. From the changes it is obvious that people which >>> proposed it do not understand what they hack on. And then, somebody e= lse >>> must run and 'fix' previously non-broken code. >>> >>> Sure, you get the pie. >> Sure, but hasn't the default stayed unchanged? >> >> It seems like you have to enable ASLR first before you see all the >> breakage. Right now it seems like goal was to document what even >> compiles versus doesn't compile with ASLR. Afaik there is not setting= >> of ASLR on by default. >> >=20 > FWIW, and with huge respect to the people working on it, I have come to= > the conclusion that ASLR is useless. The fact that MS and Apple enable > it now by default is not really a point in favor of the technology as > the workarounds became popular and finer randomization won't help[1]. >=20 > I am also worried about the performance: Redhat created PIE but > backpedaled when they noticed the performance impact and AFAICT only us= e > PIE in a restricted set of binaries. >=20 > I would like to see these as an option but I don't think it should ever= > be made the default. Yes, I am aware these patches don't turn anything > by default but I (and probably others) am suspecting such a switch may > be thrown upon us without much discussion. >=20 >=20 >> There has to be a way to call out what works and what doesn't work and= >> form a transition from a world with no ASLR to one with some ASLR and >> eventually one with almost entirely ASLR coverage. I'm not sure it ca= n >> be done in one fell swoop. Hooks like this in -current allow for this= >> to be done as a group effort. >> >> It would be very unlikely that we retain the semantics all the way unt= il >> a -stable release. >> >=20 > I am not (yet) criticizing the patches to the build system as I want to= > preserve my innocence ;) ... but perhaps if the semantics are not > finalized this should be done in a branch. It is my opinion that in > general we are not using SVN branches as much as we should. >=20 > Pedro. >=20 > For reference: >=20 > [1] http://youtu.be/dkZ9zdSRQYM Yes there are performance implications. No, the default of PIE and ASLR won't be done without discussion. --=20 Regards, Bryan Drewery --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTlNgjAAoJEDXXcbtuRpfPMf8IAKDs8yr/m+J2CzChPgve4pSX TQMy57Vcd/7y8w4jTYZ6ANXqpg98ZlwDh0PFHZJYqfxnECCvV8iJie5uX7+ogUbs a+wDt58+4MxY6EpYyE7prw6BYJLUTEmHp07yPQjWHRRPydxkkH+kk0uVcfFXefNz sB7hxtg8mA8cIw/wrfuRXZS5rpxl6im5gIww1Yxgq15gyHM61vgVR763b3OugOG3 NSe7FhtbFttD8zBxlGGRC/mAJkUTDWXedTUCmDBbuaVYd6h5pm09ZWDmnRVdsrqs jHSch/3YQWM9NbZiPbFTOHe8PazlpzCC0ohmxDYxYZY5GbemSpN9nAfT1/xJ2J4= =QG+C -----END PGP SIGNATURE----- --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5394D823.60106>