Date: Mon, 5 Oct 2009 13:06:15 -0400
From: jhell
Sender: "J. Hellenthal"
To: Doug Barton
Cc: "Bjoern A. Zeeb", stable@freebsd.org, Andre Albsmeier, jhell
Subject: Re: security.bsd.map_at_zero=0 problem with samba33 (including solution)
In-Reply-To: <4AC8F27C.8070208@FreeBSD.org>
List-Id: Production branch of FreeBSD source code

On Sun, 4 Oct 2009 12:07 -0700, dougb@ wrote:
> Bjoern A. Zeeb wrote:
>> On Sat, 3 Oct 2009, Andre Albsmeier wrote:
>>
>> Hi,
>>
>>> On Sat, 03-Oct-2009 at 16:27:32 -0400, jhell wrote:
>>>> On Sat, 3 Oct 2009 14:42 -0000, Andre.Albsmeier wrote:
>>>>
>>>>> FYI,
>>>>>
>>>>> after setting security.bsd.map_at_zero to 0 on 7.2-STABLE all
>>>>> samba33 programmes did abort() immediately after start. The
>>>>> solution was to use
>>>>>
>>>>> CONFIGURE_ARGS+= --disable-pie
>>>>>
>>>>> -Andre
>>>>>
>>>>
>>>> To add an additional note samba33 even when not running (not enabled
>>>> by a rcvar)
>>>> also runs a tdbcleanup routine on shutdown and/or start that also does
>>>> abort().
>>>
>>> Yes, every samba programme is linked with -pie per default (so
>>> all abort()).
>>
>>
>> Thanks for reporting the issue. People are aware of the problem now
>> and we'll try to present a solution within the next days for better
>> position-independent executable (PIE) handling.
>>
>> Meanwhile there are multiple solutions for people affected:
>>
>> (1) recompile the port;
>
> Just to be clear, you have to recompile the port with --disable-pie
> added to the CONFIGURE_ARGS in the Makefile.
>
> It would also be nice if there were a __FreeBSD_version bump for this
> new feature.
>
>
> Doug
>
>

Just to add on to this for those that may be wondering what they can do to
solve this for just the ports infrastructure in the meantime.

You may add the following to /etc/make.conf:

.if ${.CURDIR:M/usr/ports*}
CONFIGURE_ARGS+= --disable-pie
.endif

This is assuming that you have your ports installed in the standard place
of /usr/ports. If not, you may adjust the match accordingly.

This could also be extended to individual ports or substructures of your
liking so that you are not adding those configure arguments to every port
under the sun.

Keep in mind, this should be followed carefully and not expected to be a
full workaround as a greater solution still lies in wait.

Best regards.

--
%{----------------------------------------------------+
 | dataix.net!jhell       2048R/89D8547E 2009-09-30   |
 | BSD since FreeBSD 4.2    Linux since Slackware 2.1 |
 | 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E  |
 +----------------------------------------------------%}
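
To find which installed programs are position-independent executables, and so are candidates for the abort() described in this thread, the following added example (not part of the original message, and not FreeBSD or Samba project code) reads each file's ELF header and reports ET_DYN images that carry a PT_INTERP segment. That test is a heuristic, and the helper names and the constructed sample headers are assumptions made for illustration.

```python
import os
import struct

ET_DYN = 3     # e_type shared by shared objects and PIE executables
PT_INTERP = 3  # program header that names the run-time loader

def is_pie(data):
    """Heuristic: ELF image with e_type ET_DYN and a PT_INTERP segment."""
    # 64 bytes covers the larger (64-bit) ELF header; real binaries exceed it.
    if data[:4] != b"\x7fELF" or len(data) < 64 or data[4] not in (1, 2):
        return False
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    if struct.unpack_from(end + "H", data, 16)[0] != ET_DYN:
        return False                          # ET_EXEC etc.: fixed load address
    if data[4] == 2:                          # EI_CLASS 2 = 64-bit layout
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                     # 32-bit layout
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                             # table runs past what was read
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return True                       # has a loader: an executable
    return False                              # ET_DYN without one: a library

def find_pie(root):
    """Return sorted paths of regular files under root that look like PIE."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    if is_pie(fh.read(4096)):  # headers sit at the file start
                        hits.append(path)
            except OSError:
                continue                       # unreadable file: skip it
    return sorted(hits)

def sample_elf64(e_type, p_types):
    """Constructed sample: 64-bit little-endian ELF header plus bare phdrs."""
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)
```

Calling find_pie() on the prefix where ports are installed lists the programs worth rebuilding with --disable-pie before security.bsd.map_at_zero is set to 0.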