Date: Sat, 10 May 2014 17:25:31 -0400 From: Shawn Webb <lattera@gmail.com> To: Warner Losh <imp@bsdimp.com> Cc: freebsd-current@freebsd.org Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src Message-ID: <20140510212531.GT3063@pwnie.vrt.sourcefire.com> In-Reply-To: <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com> References: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--JT7Km6uNxtC1LbQY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On May 10, 2014 02:14 PM -0600, Warner Losh wrote: >=20 > On May 10, 2014, at 10:45 AM, Shawn Webb <lattera@gmail.com> wrote: >=20 > > Hey All, > >=20 > > It seems that the recent changes to the makefiles for building > > world/kernel have broken some modifications I have locally for > > implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd > > ask for a bit of help. I'm sure the solution is quite simple. > >=20 > > My code is up on GitHub. I'll include links at the bottom of the email. > >=20 > > The code in question is in share/mk/bsd.prog.mk, where I'm checking to > > see if MK_PIE is not equal to "no". Prior to the recent changes, this > > code used to work. (Please note that I know that the way I'm cheking is > > a bit bloated, if anyone has any suggestions to trim my code down, let > > me know). >=20 > You?ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since > bsd.*.mk files need it. >=20 Thanks a lot! Adding it to that one worked. But what's the difference between the DEFAULT_NO_OPTIONS in src.opts.mk and bsd.opts.mk? > > How this feature is supposed to work is: > > 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building > > applications as position-independent executables opt-in. > > 2) User adds WITH_PIE=3D1 to /etc/src.conf or /etc/make.conf > > 3) The application being built needs to also specify CAN_PIE=3D1 in its > > Makefile. This is because some applications don't support being built as > > a position-independent executable. > > 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional > > CFLAGS. > >=20 > > The log from my build is here: http://ix.io/cf0 > >=20 > > My code is here: > > https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/s= hare/mk/bsd.prog.mk#L14-L22 >=20 > Maybe RESCUE should define NO_SHARED=3Dyes since it is building a > static binary so you can eliminate a special case that infects the bsd.*.= mk files > with defines from our src build? >=20 That sounds like a good idea. Since that's outside the scope of my ASLR work, should I file a PR for that? > Hate that you are propagating the NO_SHARED=3Dno interface, but can?t > offer at better suggestion at the moment. I?d kinda like to kill that? In looking at the Makefiles, it seems like NO_*/YES_* is being phased out. Once a suitable alternative to NO_SHARED is in place, I'll make adjustments on my end. Thanks, Shawn --JT7Km6uNxtC1LbQY Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTbplKAAoJEGqEZY9SRW7ueVsP/0Kk6q8aivPirhYTXr6tH4si m3EYhOidzKDzsTS0cFkOqFc3IqnRJfuTWsuReyF3pWnWIZXa0aYV/ILJPFnjCsQD HBFAL9Be8BHyReyVCjKOqn6XllxqywGCqlS4QRBVS4cZZTAxe/q0Jb87z48MFWHn khIhRDSHmL96PSZxxh4X0+JJzDLoIcHNxxwIZrUWbjVLqa4wIgRRr6WkT19QXbWL Kxa0uEE0TuEshLT6wYW/zhfq9UHr66skUhmDQASY4EGvCMWfzpqOn/ElvUlR99a7 KlUTdJiKU5VOFAfi3q7twM39eCtzWv9hTEaEkgNGMOqIvS/2KKpoc+XFtE1nlpW/ Bh53H0P12+J9tPBYy0S6rZQhgj0xKGqQ2v5xOdkOklZ2LLKUr3ujWX351fnNle7s QVp8zxO9AD6Jq7JO0cpeApVbxkp1T4Q+z2uwGxEI/VcIOU6j+8AzF7Y7v7C3CGsg KBAn3sxD8xUtAAiY91JPI7pLRjYF4XBftRIXldrokxHESlM0cO+k+XNWzxCDZm9Y u4Nt1LznO+XQjqS2a7Ld1MShnE/MN8st/JkO74ycGS8nROBfzrebAD3jajtOq29O fEaHbM2O7DMf1tH7SUstBoUYF8Yh/LsHKLqordPq9purQAPJMayZz4Z9GXfmrZRc 7AWFNvnm9xUJ6PNzpvxs =8Zkm -----END PGP SIGNATURE----- --JT7Km6uNxtC1LbQY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140510212531.GT3063>