From owner-svn-src-all@FreeBSD.ORG Sun Jun 8 21:39:51 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7AACE555 for ; Sun, 8 Jun 2014 21:39:51 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5523A2B40 for ; Sun, 8 Jun 2014 21:39:51 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s58LdplJ068876 for ; Sun, 8 Jun 2014 21:39:51 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.9/8.14.9/Submit) id s58Ldpg0068865 for svn-src-all@freebsd.org; Sun, 8 Jun 2014 21:39:51 GMT (envelope-from bdrewery) Received: (qmail 26613 invoked from network); 8 Jun 2014 16:39:49 -0500 Received: from unknown (HELO ?10.10.0.24?) (freebsd@shatow.net@10.10.0.24) by sweb.xzibition.com with ESMTPA; 8 Jun 2014 16:39:49 -0500 Message-ID: <5394D823.60106@FreeBSD.org> Date: Sun, 08 Jun 2014 16:39:47 -0500 From: Bryan Drewery Organization: FreeBSD User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: Pedro Giffuni , Alfred Perlstein , Konstantin Belousov Subject: Re: svn commit: r267233 - in head: . bin/rmail gnu/usr.bin/binutils/addr2line gnu/usr.bin/binutils/nm gnu/usr.bin/binutils/objcopy gnu/usr.bin/binutils/objdump gnu/usr.bin/binutils/readelf gnu/usr.bin/... References: <201406081729.s58HTWkc006213@svn.freebsd.org> <74512A27-DD5F-4D43-BFA1-0AC04E0D08B4@FreeBSD.org> <20140608182728.GX3991@kib.kiev.ua> <5394ABD2.5040009@mu.org> <20140608184451.GZ3991@kib.kiev.ua> <5394B607.1000109@mu.org> <5394C3D8.7040800@FreeBSD.org> In-Reply-To: <5394C3D8.7040800@FreeBSD.org> X-Enigmail-Version: 1.6 OpenPGP: id=6E4697CF; url=http://www.shatow.net/bryan/bryan2.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb" Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Jun 2014 21:39:51 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 6/8/2014 3:13 PM, Pedro Giffuni wrote: > Hello; >=20 > El 6/8/2014 2:14 PM, Alfred Perlstein escribi=F3: >> On 6/8/14 11:44 AM, Konstantin Belousov wrote: >>> On Sun, Jun 08, 2014 at 11:30:42AM -0700, Alfred Perlstein wrote: >>>> On 6/8/14 11:27 AM, Konstantin Belousov wrote: >>>>> On Sun, Jun 08, 2014 at 05:38:49PM +0000, Bjoern A. Zeeb wrote: >>>>>> On 08 Jun 2014, at 17:29 , Bryan Drewery >>>>>> wrote: >>>>>> >>>>>>> Author: bdrewery >>>>>>> Date: Sun Jun 8 17:29:31 2014 >>>>>>> New Revision: 267233 >>>>>>> URL: http://svnweb.freebsd.org/changeset/base/267233 >>>>>>> >>>>>>> Log: >>>>>>> In preparation for ASLR [1] support add WITH_PIE to support >>>>>>> building with -fPIE. >>>>>>> >>>>>>> This is currently an opt-in build flag. Once ASLR support is >>>>>>> ready and stable >>>>>>> it should changed to opt-out and be enabled by default along >>>>>>> with ASLR. >>>>>>> >>>>>>> Each application Makefile uses opt-out to ensure that ASLR wil= l >>>>>>> be enabled by >>>>>>> default in new directories when the system is compiled with >>>>>>> PIE/ASLR. [2] >>>>>>> >>>>>>> Mark known build failures as NO_PIE for now. >>>>>> No, no, no, no more NOs! >>>>>> >>>>>> I?ll leave it to others who understand the current build system in= >>>>>> days when it?s not broken to fix this entire splattering across al= l >>>>>> these Makefiles; we really need a better way for this. >>>>> I have no words to express my dissatisfaction with this commit. >>>>> If change to the build of _some_ usermode binaries require patching= >>>>> of loader', csu and rtld Makefiles, obviously it is done wrong. >>>>> >>>>> Why almost half of the binaries require opt-out ? >>>>> >>>>> PLEASE REVERT THIS. >>>> Wait. Does this not serve as a useful stake in the ground for >>>> people to >>>> come in and update things? Instead of asking to back out, shouldn't= we >>>> be doing an announcement "ok folks, it's now time to fix this!" and >>>> move >>>> forward? Otherwise we may never get any pie. >>> Let me reformulate. >>> >>> Somebody commits broken change, despite it was pointed out by many >>> before the commit. From the changes it is obvious that people which >>> proposed it do not understand what they hack on. And then, somebody e= lse >>> must run and 'fix' previously non-broken code. >>> >>> Sure, you get the pie. >> Sure, but hasn't the default stayed unchanged? >> >> It seems like you have to enable ASLR first before you see all the >> breakage. Right now it seems like goal was to document what even >> compiles versus doesn't compile with ASLR. Afaik there is not setting= >> of ASLR on by default. >> >=20 > FWIW, and with huge respect to the people working on it, I have come to= > the conclusion that ASLR is useless. The fact that MS and Apple enable > it now by default is not really a point in favor of the technology as > the workarounds became popular and finer randomization won't help[1]. >=20 > I am also worried about the performance: Redhat created PIE but > backpedaled when they noticed the performance impact and AFAICT only us= e > PIE in a restricted set of binaries. >=20 > I would like to see these as an option but I don't think it should ever= > be made the default. Yes, I am aware these patches don't turn anything > by default but I (and probably others) am suspecting such a switch may > be thrown upon us without much discussion. >=20 >=20 >> There has to be a way to call out what works and what doesn't work and= >> form a transition from a world with no ASLR to one with some ASLR and >> eventually one with almost entirely ASLR coverage. I'm not sure it ca= n >> be done in one fell swoop. Hooks like this in -current allow for this= >> to be done as a group effort. >> >> It would be very unlikely that we retain the semantics all the way unt= il >> a -stable release. >> >=20 > I am not (yet) criticizing the patches to the build system as I want to= > preserve my innocence ;) ... but perhaps if the semantics are not > finalized this should be done in a branch. It is my opinion that in > general we are not using SVN branches as much as we should. >=20 > Pedro. >=20 > For reference: >=20 > [1] http://youtu.be/dkZ9zdSRQYM Yes there are performance implications. No, the default of PIE and ASLR won't be done without discussion. --=20 Regards, Bryan Drewery --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTlNgjAAoJEDXXcbtuRpfPMf8IAKDs8yr/m+J2CzChPgve4pSX TQMy57Vcd/7y8w4jTYZ6ANXqpg98ZlwDh0PFHZJYqfxnECCvV8iJie5uX7+ogUbs a+wDt58+4MxY6EpYyE7prw6BYJLUTEmHp07yPQjWHRRPydxkkH+kk0uVcfFXefNz sB7hxtg8mA8cIw/wrfuRXZS5rpxl6im5gIww1Yxgq15gyHM61vgVR763b3OugOG3 NSe7FhtbFttD8zBxlGGRC/mAJkUTDWXedTUCmDBbuaVYd6h5pm09ZWDmnRVdsrqs jHSch/3YQWM9NbZiPbFTOHe8PazlpzCC0ohmxDYxYZY5GbemSpN9nAfT1/xJ2J4= =QG+C -----END PGP SIGNATURE----- --XX6dQkPRTwcJmJ15NcOKnMWNuNTPWQ9nb--