Date: Fri, 3 Jul 2020 18:13:09 -0700
From: Donald Wilde <dwilde1@gmail.com>
To: "Kevin P. Neal" <kpn@neutralgood.org>
Cc: Polytropon <freebsd@edvax.de>, Per Hedeland <per@hedeland.org>, freebsd-questions@freebsd.org
Subject: Re: Shell
Message-ID: <CAEC7390MZ8hqkyV6=LQu_Jxrixi3ZnmxMcQAK2sQU2OLZb-Z4w@mail.gmail.com>
In-Reply-To: <CAEC7393pFm2QOSbC%2BopLXtWWuD4XwGS4K6J0%2B0bvEMiPNJ8ibw@mail.gmail.com>
References: <CY4PR19MB010400AC4940C67421BFADE8F96E0@CY4PR19MB0104.namprd19.prod.outlook.com>
 <DB8PR06MB6442289C119C69BDF4303E72F66F0@DB8PR06MB6442.eurprd06.prod.outlook.com>
 <20200630104317.812dce86b2dc5ea5a42a1ee1@sohara.org>
 <a590654c-ffa2-3171-ce44-ae3f33214b14@hedeland.org>
 <20200630143913.e27eb3e3.freebsd@edvax.de>
 <CAEC73922LQ%2BqVMcKoSqNWCiDmo62pwktSX_-Afv=cu5aNN=BeQ@mail.gmail.com>
 <20200703014122.GA30572@neutralgood.org>
 <CAEC7393pFm2QOSbC%2BopLXtWWuD4XwGS4K6J0%2B0bvEMiPNJ8ibw@mail.gmail.com>

On 7/3/20, Donald Wilde <dwilde1@gmail.com> wrote:
> On 7/2/20, Kevin P. Neal <kpn@neutralgood.org> wrote:
>> On Tue, Jun 30, 2020 at 06:33:44AM -0700, Donald Wilde wrote:
> [snip]
>>> The only concern with doing so is that doing so causes the (larger!)
>>> bash-static kernel to be used everywhere. If you have lots of regular
>>> users with console prompts, this could be painful.
>>
>> Doubtful. With static linking of executables there should be no changing
>> of the executable once loaded into memory. So all users would share the
>> same "text" pages (meaning instructions).
>>
>> Now, with PIE executables I suspect this is still true, but I can't swear
>> to it. And I don't know if bash-static is PIE or not.
>
> Thanks, Kevin. I'll test that.

Yes, according to hardening check, bash (bash-static) passes all tests
including PIE, although I saw a note that address space layout
randomization (ASLR) is only a feature in the new 13-series FreeBSD.

Not sure what that portends, because the description of the Debian
variant of PIE (position-independent executable) code seems to imply
that the two go together although ASLR is not a precondition for PIE.

Here's some interesting data along the way (12-STABLE):

/bin/sh                         163136 bytes
/bin/tcsh                       424296 bytes
/usr/local/bin/bash(-stable)   2400432 bytes

I'll complete and test the previously described co-resident bash
situation tomorrow. I still need to figure out "rbash"...

-- 
Don Wilde
****************************************************
* What is the Internet of Things but a system      *
* of systems including humans?                     *
****************************************************
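
The PIE and static-linking questions raised in the message above can both be answered from the ELF headers of the shell binary. The sketch below is an added example, not part of the original e-mail and not the code of the hardening check it mentions; the names `classify_elf` and `make_elf` are hypothetical, the sample images are constructed, and only little-endian ELF64 is handled.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3          # e_type: fixed-address vs position-independent
PT_DYNAMIC, PT_INTERP = 2, 3    # program header types of interest

def classify_elf(data: bytes) -> dict:
    """Classify a little-endian ELF64 image by e_type and program headers."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles little-endian ELF64 only")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    p_types = set()
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        p_types.add(struct.unpack_from("<I", data, off)[0])
    return {
        # ET_DYN is also used by shared libraries; DT_FLAGS_1 is not read here.
        "position_independent": e_type == ET_DYN,
        # No PT_INTERP means no runtime linker is requested: statically linked.
        "static": PT_INTERP not in p_types,
        "has_dynamic_segment": PT_DYNAMIC in p_types,
    }

def make_elf(e_type: int, p_types: list) -> bytes:
    """Build a constructed, headers-only ELF64 image for demonstration."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # classify real files given as arguments
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, classify_elf(fh.read()))
    else:                                      # constructed samples
        print("static PIE :", classify_elf(make_elf(ET_DYN, [1, PT_DYNAMIC])))
        print("dynamic exe:", classify_elf(make_elf(ET_EXEC, [1, PT_INTERP, PT_DYNAMIC])))
```

Run it with the paths of the shells to compare as arguments. A position-independent result says the image can be loaded at any base address; whether the kernel actually randomizes that address is a separate setting.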