1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
Approved by: rwatson
Obtained from: NetBSD source tree
Second part of the fsck wrappers commit. This commit enables the new fsck
code (removing the fsck/* code and replacing it with the netbsd fsck
wrapper code), and enabling some FFS-based utilities to compile.
Details:
* quotacheck, fsdb required modification to use the fsck_ffs/ code rather
than fsck/ . This might change later since quotacheck requires preen.c
which should exist in fsck/ rather than fsck_ffs/
* src/Makefile has fsck_ffs added to it so it it built as part of the tree
now
* share/doc/smm/03.fsck/ uses the SMM.doc/ stuff from fsck_ffs, not fsck.
I've tested this, and it shouldn't require any changes on your machine.
The fsck wrapper reads /etc/fsck and is command-line-compatible enough
to not require rc changes (well, most changes unless you want to do
anything nifty by specifying the fs types explicityly, read the man page
if you want further details on what it can do.)
This now allows us to support multiple filesystem types during bootup.
