1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
The crunchide utility presumes the last 3 chunks of an ELF object
layout are section headers, symbol table, and then string table.
However, this is not specified in the ELF standards, and linkers
may generate different layouts when doing partial linking (-r).
This change is required to build FreeBSD with mclinker or the
gold linker.
PR: bin/174011
Submitted by: Pete Chou
Reviewed by: Cristoph Mallon
MFC after: 2 weeks
costs us another copy of the transform. Revert it.
# Maybe makefile.inc1 should set TARGET_CPUARCH for the cross-tools, but
# it doesn't now. That would solve problems in other places too.
Submitted by: jmallet@
I used the wrong type when setting st_name in the symbol table entry
struct. It's an Elf64_Word which is defined as an unsigned 32 bit int
on both 32 and 64 bit platforms.
To make things sensible, define some new macros to use as "word" macros
and use those, rather than simply using the explicit 32 bit macros.
The older symbol hiding method breaks for MIPS. This implements
symbol hiding through renaming to a symbol name which is highly
unlikely to clash.
The NetBSD code didn't use byte-swapping macros for endian-awareness;
so it didn't work when cross-compiling a MIPS world on i386/amd64.
This patch includes those (as best as I could figure what they
should be) and has been tested to generate valid MIPS crunch
binaries both cross- and native- compiled.
means:
o Remove Elf64_Quarter,
o Redefine Elf64_Half to be 16-bit,
o Redefine Elf64_Word to be 32-bit,
o Add Elf64_Xword and Elf64_Sxword for 64-bit entities,
o Use Elf_Size in MI code to abstract the difference between
Elf32_Word and Elf64_Word.
o Add Elf_Ssize as the signed counterpart of Elf_Size.
MFC after: 2 weeks
Back out the removal of custom version of endian.h system header.
On recent systems, it just falls back to <sys/endian.h>. But on
older systems like 5.0-DP1 or 4-STABLE, this private version may
be necessary, as crunchide(1) is a cross-tool for "make release".
Spotted by: kris, markm
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
track.
The Id line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
