PIE/PIC support on base
Baptiste Daroussin
bapt at FreeBSD.org
Wed Oct 15 06:10:35 UTC 2014
On Mon, Oct 13, 2014 at 11:02:27PM +0100, David Carlier wrote:
> Hi all,
>
> HardenedBSD plans to add PIE support on base in various places.
>
> These are B. Drewery's suggestions:
>
> The _pic ones are not needed. The main lib file just needs
> INSTALL_PIC_ARCHIVE=yes.
>
> Modifying CFLAGS in every Makefile is not right, just add a USE_PIE or
> something to pull in common logic from share/mk.
>
> Also I know that, at least for a start, it wished to be applied in some few
> places, like tcpdump/traceroute, sendmail ... shells ... I thought about
> also casper/capsicum ... ntp ... jail
>
What would probably be interesting is to list binary by binary on which one you
do want to add the USE_PIE, and with rationale explaining why.

On some OS you often can see ssh(1) not being PIE while sshd(8) has PIE. I
think cherry-picking what should be PIE is the right

regards,
Bapt
More information about the freebsd-arch
mailing list