Date: Mon, 5 Oct 2009 13:06:15 -0400 From: jhell <jhell@DataIX.net> To: Doug Barton <dougb@freebsd.org> Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, stable@freebsd.org, Andre Albsmeier <Andre.Albsmeier@siemens.com>, jhell <jhell@DataIX.net> Subject: Re: security.bsd.map_at_zero=0 problem with samba33 (including solution) Message-ID: <alpine.BSF.2.00.0910051254030.83769@qvzrafvba.5c.ybpny> In-Reply-To: <4AC8F27C.8070208@FreeBSD.org> References: <20091003184220.GA2620@curry.mchp.siemens.de> <alpine.BSF.2.00.0910031624080.28602@dimension.5p.local> <20091003212308.GA3122@curry.mchp.siemens.de> <20091003215821.V26486@maildrop.int.zabbadoz.net> <4AC8F27C.8070208@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 4 Oct 2009 12:07 -0700, dougb@ wrote:
> Bjoern A. Zeeb wrote:
>> On Sat, 3 Oct 2009, Andre Albsmeier wrote:
>>
>> Hi,
>>
>>> On Sat, 03-Oct-2009 at 16:27:32 -0400, jhell wrote:
>>>> On Sat, 3 Oct 2009 14:42 -0000, Andre.Albsmeier wrote:
>>>>
>>>>> FYI,
>>>>>
>>>>> after setting security.bsd.map_at_zero to 0 on 7.2-STABLE all
>>>>> samba33 programmes did abort() immediately after start. The
>>>>> solution was to use
>>>>>
>>>>> CONFIGURE_ARGS+= --disable-pie
>>>>>
>>>>> -Andre
>>>>>
>>>>
>>>> To add an additional note samba33 even when not running (not enabled
>>>> by a rcvar)
>>>> also runs a tdbcleanup routine on shutdown and/or start that also does
>>>> abort().
>>>
>>> Yes, every samba programme is linked with -pie per default (so
>>> all abort()).
>>
>>
>> Thanks for reporting the issue. People are aware of the problem now
>> and we'll try to present a solution within the next days for better
>> position-independent executable (PIE) handling.
>>
>> Meanwhile there are multiple solutions for people affected:
>>
>> (1) recompile the port;
>
> Just to be clear, you have to recompile the port with --disable-pie
> added to the CONFIGURE_ARGS in the Makefile.
>
> It would also be nice if there were a __FreeBSD_version bump for this
> new feature.
>
>
> Doug
>
>
Just to add on to this for those that may be wondering what they can do to
solve this for just the ports infrastructure in the mean time.
You may add the following to /etc/make.conf
.if ${.CURDIR:M/usr/ports*}
CONFIGURE_ARGS+= --disable-pie
.endif
This is assuming that you have your ports installed in the standard place
of /usr/ports. If not you may adjust the match accordingly.
This could also be extended to individual ports or substructures of your
liking so that you are not adding those configure arguments to every port
under the sun.
Keep in mind, this should be followed carefully and not expected to be a
full workaround as a greater solution still lies in wait.
Best regards.
--
%{----------------------------------------------------+
| dataix.net!jhell 2048R/89D8547E 2009-09-30 |
| BSD since FreeBSD 4.2 Linux since Slackware 2.1 |
| 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E |
+----------------------------------------------------%}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0910051254030.83769>