| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
Notes:
svn path=/head/; revision=270168
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
Notes:
svn path=/head/; revision=267233
|
|
|
|
|
|
|
|
| |
Checked by: make universe
Approved by: ed (co-mentor)
Notes:
svn path=/head/; revision=203916
|
|
|
|
|
|
|
| |
Discussed with: ru
Notes:
svn path=/head/; revision=147225
|
|
|
|
| |
Notes:
svn path=/head/; revision=139112
|
|
|
|
| |
Notes:
svn path=/head/; revision=127287
|
|
|
|
|
|
|
| |
Use WARNS?= instead of WARNS=
Notes:
svn path=/head/; revision=126173
|
|
|
|
|
|
|
| |
MAINTAINER file (which already had entries for sendmail).
Notes:
svn path=/head/; revision=117299
|
|
|
|
| |
Notes:
svn path=/head/; revision=90798
|
|
|
|
| |
Notes:
svn path=/head/; revision=90167
|
|
|
|
|
|
|
| |
Tested on i386 and alpha.
Notes:
svn path=/head/; revision=90166
|
|
|
|
|
|
|
|
|
| |
set WARNS=0.
Reviewed by: mike
Notes:
svn path=/head/; revision=87323
|
|
|
|
| |
Notes:
svn path=/head/; revision=74845
|
|
|
|
| |
Notes:
svn path=/head/; revision=67660
|
|
|
|
| |
Notes:
svn path=/head/; revision=66961
|
|
|
|
|
|
|
| |
environment so they can enable functionality such as SASL, LDAP, Hesiod.
Notes:
svn path=/head/; revision=65970
|
|
|
|
|
|
|
|
|
| |
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
Notes:
svn path=/head/; revision=64567
|
|
|
|
| |
Notes:
svn path=/head/; revision=50471
|
|
|
|
| |
Notes:
svn path=/head/; revision=38093
|
|
|
|
| |
Notes:
svn path=/head/; revision=36148
|
|
|
|
|
|
|
| |
Pointed-out-by: bde
Notes:
svn path=/head/; revision=31743
|
|
|
|
|
|
|
| |
Obtained from: OpenBSD file rev 1.4 by mickey
Notes:
svn path=/head/; revision=31687
|
|
|
|
|
|
|
| |
rcsid.
Notes:
svn path=/head/; revision=27968
|
|
|
|
|
|
|
| |
with #include <errno.h>.
Notes:
svn path=/head/; revision=27960
|
|
|
|
| |
Notes:
svn path=/head/; revision=27107
|
|
|
|
|
|
|
| |
to hide this so libc is kept instead.
Notes:
svn path=/head/; revision=26467
|
|
|
|
|
|
|
| |
posix standard on the topic.
Notes:
svn path=/head/; revision=24348
|
|
|
|
| |
Notes:
svn path=/head/; revision=22988
|
|
|
|
|
|
|
|
|
|
|
| |
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
Notes:
svn path=/head/; revision=21673
|
|
|
|
| |
Notes:
svn path=/head/; revision=20423
|
|
|
|
|
|
|
|
|
|
|
|
| |
/usr/sbin/sendmail -f <> dest
rather than
/usr/sbin/sendmail -f dest.
Submitted by: Michael Butler <imb@scgt.oz.au>
Obtained from: Eric Allman <eric@cs.berkeley.edu>
Notes:
svn path=/head/; revision=10824
|
|
|
|
|
|
|
| |
Reviewed by: phk
Notes:
svn path=/head/; revision=8855
|
|
|
|
|
|
|
|
|
|
|
|
| |
/usr/src/bin. Note that some patches are still needed in that directory.
I (Joerg) finished most of Philippe's cleanup. /bin/sh will still
need *allot* of work, however.
Submitted by: charnier@lirmm.fr (Philippe Charnier)
Notes:
svn path=/head/; revision=7165
|
|
|
|
|
|
|
|
|
|
|
| |
of queuing mails only can be restored by uncommenting a CFLAGS+= line
in the makefile, so sites that _really_ need this (perhaps some huge
mail hubs) can still have it. The majority of FreeBSD boxes is better
served with an immediate delivery (and last time i've been asking on
the list, nobody complained).
Notes:
svn path=/head/; revision=6904
|
|
|
|
| |
Notes:
svn path=/head/; revision=3044
|
|
|
|
| |
Notes:
svn path=/head/; revision=1864
|
|
Notes:
svn path=/head/; revision=1556
|