1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
bottom of the manpages and order them consistently.
GNU groff doesn't care about the ordering, and doesn't even mention
CAVEATS and SECURITY CONSIDERATIONS as common sections and where to put
them.
Found by: mdocml lint run
Reviewed by: ru
argv[1] to mimic crt0 behaviour. Do the job by a direct assignment
to __progname in order to stay compatible with NetBSD, whose
setprogname() is a deliberate no-op.
The reason for this change is that some programs (usually those
imported from NetBSD) use getprogname() to distinguish between their
aliases. (See pkill aka pgrep for example.)
This change can be useful, and applicable, to NetBSD, too.
Define the xxx_OBJPATHS earlier and then use it in the xxx_make
target because each obj is actually made through that.
This allows the crunch to work with -j32 on sun4v.
The makefile generated is still poor, though. It really shouldn't use
the general 'make all' to do the submakes in the app directories being
crunched because each of those objects is listed as a dependency in
the generated crunch makefile. Doing that really requires a unique rule
to generate them.
classes from say, /lib/geom, cannot be statically linked completely.
Moreover, those shared objects may require other shared objects (i.e.
for geom, libraries like -lmd, -lcrypto).
The libs_so extension to crunchgen fixes this by allowing some libraries
to be linked in dynamically. This requires that a copy of rtld and the
shared libraries be made available to the crunched binary, and so is not
suitable for all environments. Crunchgen configurations which do not
use the 'libs_so' keyword are unaffected and produce identical binaries
with and without this commit.
Approved by: murray (mentor, in spirit), jhb
In collaboration with: Adrian Steinmann <ast at marabu dot ch>
MFC After: 6 weeks
or 'env MAKEOBJDIRPREFIX=... make' depending on the setting of
MAKEOBJDIRPREFIX in the environment. In any case this line kills the
original value of ${MAKE}. When during buildworld a new make is built (as
is the case during the upgrade) this causes a wrong make to be picked up
(the first one in the path). Use the same technique as Makefile.inc1:
create a MAKEENV variable and a CRUNCHMAKE that calls ${MAKE} with that
MAKEENV prefixed. Use CRUNCHMAKE instead of MAKE throughout the generated
makefile. This leaves the original ${MAKE} undisturbed.
OBJS list. This is needed to crunch any program that relies on the
correct .CURDIR setting, e.g. src/bin/csh.
Submitted by: Tim Kientzle <kientzle@acm.org>
Note that crunchgen's stub .c programs already have the code to use it:
"int _crunched_%s_stub(int argc, char **argv, char **envp)"
"{return main(argc,argv,envp);}\" >%s_stub.c\n",
Add $FreeBSD$ to allow the commit.
Reviewed by: luigi
MFC after: 3 days
so the .lo files can be partially linked against libraries
which redefine symbols in the standard libs, or which reference
symbols in the objects.
Submitted by: Sam Leffler
MFC After: 3 days
progs prog1
special prog1 objdir ../../prog1/obj
special prog1 objs prog1.o
This fixes a bug that I introduced around the time of 4.2-release.
Reported by: Larry Baird <lab@gta.com>
Make sure we pass $(BUILDOPTS) to the `clean' target
so that `make clean' works on the same set of object
files. Otherwise, we may end up with an incorrectly
built and up-to-date object file.
o strcpy() -> strlcpy()
o sprintf() -> snprintf()
o mktemp() -> mkstemp()
o use err() instead of errx() in out_of_memory() function since
errno will probably be set
Submitted by: jedgar
/usr/obj hardwired in the code, now you can override it
with a command line option or MAKEOBJDIRPREFIX env. variable.
The above is useful to build picobsd-specific objects in some other
place than /usr/obj
While at it, fix documentation and change a few sprintf -> snprintf.
