24 Commits

Author SHA1 Message Date
bapt
8d6c7a49a6 Convert to usr.bin/ to LIBADD
Reduce overlinking
2014-11-25 14:29:10 +00:00
bdrewery
b619f0c747 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
ed
9b380e30d4 Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
ru
9641f05384 Style: move .PATH to where it belongs. 2005-10-14 15:50:22 +00:00
markm
3f27ca1140 Build this from contrib/ now. 1999-09-04 09:52:36 +00:00
peter
c81dbb3c98 $Header$ -> $FreeBSD$ 1999-08-28 05:11:36 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
des
ab07ab9139 Unbreak K&R support, and generate code that works in K&R C as well as
ANSI C no matter what language is specified.
1998-12-18 14:29:51 +00:00
des
78b34160d2 Generate a prototype for initialize_XXXX_error_table() when the language
is set to C.
1998-12-15 12:20:27 +00:00
bde
c1ea7ba30d Simplified using new yacc rules and by not generating y.tab.h. The
lex source is still handled bogusly.
1998-05-04 18:40:18 +00:00
bde
e0eeac5f43 Don't use beforedepend to break things. The usual fix of putting
generated sources in SRCS breaks because compile_et uses an evil
include of one .c file in another.  Use a worse fix.  Perhaps
DPSRCS is useful after all.

Don't put *.y in SRCS.  Put the generated file in SRCS instead.
This fixes incomplete dependencies (mkdep can't work on *.y).

Don't override the default .l.c rule.  Just use LFLAGS.

Fixed some style bugs.
1998-03-20 16:21:39 +00:00
charnier
f6e53120d8 Mdoc'ify man page. Use err(3). Remove whoami. 1997-06-30 06:42:43 +00:00
peter
f390c26dd9 Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
jkh
730964efd2 General -Wall warning cleanup, part I.
Submitted-By: Kent Vander Velden <graphix@iastate.edu>
1996-07-12 19:08:36 +00:00
peter
c3f352d4ad This commit was generated by cvs2svn to compensate for changes in r13122,
which included commits to RCS files with non-trunk default branches.
1995-12-30 19:02:48 +00:00
wpaul
9f506b229f According to stdlib.h, malloc and realloc return void * but error_table.y
declares them to return char *. For some reason, this causes no problems
with the old compiler tools, but doing a 'make world' with gcc 2.6.3 in a
seperate DESTDIR got me this error:

yacc -d /usr/src/usr.bin/compile_et/error_table.y
cc -O2 -I. -I/usr/src/usr.bin/compile_et/../../lib/libcom_err   -I/mnt/usr/include -c y.tab.c -o error_table.o
In file included from /usr/src/usr.bin/compile_et/et_lex.lex.l:11,
                 from /usr/src/usr.bin/compile_et/error_table.y:233:
/mnt/usr/include/stdlib.h💯 conflicting types for `malloc'
/usr/src/usr.bin/compile_et/error_table.y:80: previous declaration of `malloc'
/mnt/usr/include/stdlib.h:104: conflicting types for `realloc'
/usr/src/usr.bin/compile_et/error_table.y:80: previous declaration of `realloc'
*** Error code 1

Stop.

Declaring malloc and realloc to return void * fixes this. It could be that
the new gcc is a bit more picky about these things.
1995-03-15 19:05:28 +00:00
jkh
6b720ef9d5 Add y.tab.h to CLEANFILES. 1995-02-09 00:24:00 +00:00
wollman
ba3292be1a Fix include directive bobble. 1995-01-14 22:30:32 +00:00
wollman
479760c2d1 Upgrade to latest released SIPB version I can find. (Unfortunately, the
original releases were not numbered.)
1995-01-14 22:29:34 +00:00
wollman
0c9f17934c Slight makefile cleanup. 1995-01-14 20:58:00 +00:00
csgr
01b6212fda Initial import of eBones.
(Including all changes for FreeBSD - importing the original eBones distribution
would be too complex at this stage, since I don't have access to Piero's 
CVS.)
(If you want to include eBones in your system, don't forget to include
MAKE_EBONES in /etc/make.conf.)
(This stuff is now also suppable from braae.ru.ac.za.)

Bones originally from MIT SIPB.
Original port to FreeBSD 1.x  by Piero Serini.
Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet.
Nice bug fixes from Doug Rabson.
1994-09-30 14:50:09 +00:00