Commit Graph

24 Commits

Author SHA1 Message Date
Baptiste Daroussin
3e11bd9e2a Convert to usr.bin/ to LIBADD
Reduce overlinking
2014-11-25 14:29:10 +00:00
Bryan Drewery
5608fd23c2 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
Bryan Drewery
864c53ead8 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Ed Schouten
b7946da96b Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
Ruslan Ermilov
f329a1513a Style: move .PATH to where it belongs. 2005-10-14 15:50:22 +00:00
Mark Murray
d8f5c86825 Build this from contrib/ now. 1999-09-04 09:52:36 +00:00
Peter Wemm
a1a4f1a0d8 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Dag-Erling Smørgrav
d63c42d19f Unbreak K&R support, and generate code that works in K&R C as well as
ANSI C no matter what language is specified.
1998-12-18 14:29:51 +00:00
Dag-Erling Smørgrav
88c4d11dc7 Generate a prototype for initialize_XXXX_error_table() when the language
is set to C.
1998-12-15 12:20:27 +00:00
Bruce Evans
2cf0660cea Simplified using new yacc rules and by not generating y.tab.h. The
lex source is still handled bogusly.
1998-05-04 18:40:18 +00:00
Bruce Evans
e1d3476a8e Don't use beforedepend to break things. The usual fix of putting
generated sources in SRCS breaks because compile_et uses an evil
include of one .c file in another.  Use a worse fix.  Perhaps
DPSRCS is useful after all.

Don't put *.y in SRCS.  Put the generated file in SRCS instead.
This fixes incomplete dependencies (mkdep can't work on *.y).

Don't override the default .l.c rule.  Just use LFLAGS.

Fixed some style bugs.
1998-03-20 16:21:39 +00:00
Philippe Charnier
27c3c7d818 Mdoc'ify man page. Use err(3). Remove whoami. 1997-06-30 06:42:43 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Jordan K. Hubbard
526195ad0d General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 19:08:36 +00:00
Peter Wemm
a5b996a7ec recording cvs-1.6 file death 1995-12-30 19:02:48 +00:00
Bill Paul
d93cc1a933 According to stdlib.h, malloc and realloc return void * but error_table.y
declares them to return char *. For some reason, this causes no problems
with the old compiler tools, but doing a 'make world' with gcc 2.6.3 in a
seperate DESTDIR got me this error:

yacc -d /usr/src/usr.bin/compile_et/error_table.y
cc -O2 -I. -I/usr/src/usr.bin/compile_et/../../lib/libcom_err   -I/mnt/usr/include -c y.tab.c -o error_table.o
In file included from /usr/src/usr.bin/compile_et/et_lex.lex.l:11,
                 from /usr/src/usr.bin/compile_et/error_table.y:233:
/mnt/usr/include/stdlib.h💯 conflicting types for `malloc'
/usr/src/usr.bin/compile_et/error_table.y:80: previous declaration of `malloc'
/mnt/usr/include/stdlib.h:104: conflicting types for `realloc'
/usr/src/usr.bin/compile_et/error_table.y:80: previous declaration of `realloc'
*** Error code 1

Stop.

Declaring malloc and realloc to return void * fixes this. It could be that
the new gcc is a bit more picky about these things.
1995-03-15 19:05:28 +00:00
Jordan K. Hubbard
819ab54771 Add y.tab.h to CLEANFILES. 1995-02-09 00:24:00 +00:00
Garrett Wollman
d8baa34b91 Fix include directive bobble. 1995-01-14 22:30:32 +00:00
Garrett Wollman
5e914d3b8d Upgrade to latest released SIPB version I can find. (Unfortunately, the
original releases were not numbered.)
1995-01-14 22:29:34 +00:00
Garrett Wollman
3c71319647 Slight makefile cleanup. 1995-01-14 20:58:00 +00:00
Geoff Rehmet
60643d379b Initial import of eBones.
(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's 
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)

Bones originally from MIT SIPB.
Original port to FreeBSD 1.x  by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.
1994-09-30 14:50:09 +00:00