[CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Dimitry Andric
dim at FreeBSD.org
Sun May 25 18:07:00 UTC 2014
On 25 May 2014, at 19:42, Oliver Pinter <oliver.pntr at gmail.com> wrote:
> On 5/25/14, Dag-Erling Smørgrav <des at des.no> wrote:
>> Oliver Pinter <oliver.pntr at gmail.com> writes:
...
>>> PAX: blacklist clang and related binaries from PIE support
>>
>> Why? Performance, or do they actually break?
>
> No. If you definded WITH_CLANG_EXTRAS= in src.conf, the breaked the build.
> (added dim@ to CC)
>
> --- usr.bin.all__D ---
> /usr/obj/usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint/../../../lib/clang/libllvmirreader/libllvmirreader.a:
> could not read symbols: Bad value
> c++: error: linker command failed with exit code 1 (use -v to see invocation)
> *** [bugpoint] Error code 1
I assume you only get this with your ASLR patches applied? Maybe this is because the clang binary itself gets built statically (and so will definitely not be PIE), but the rest of the 'extras', such as bugpoint, are regular dynamic executables. And note that none of the libraries built under lib/libclang are built with -fPIC, at the moment. So that might cause trouble with your PIE patches.
In any case, the interesting thing is what the actual linker error was. Do you have more of the preceding build log, including the rest of the settings that were used to build world? And also, what does "file /usr/obj/usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint/../../../lib/clang/libllvmirreader/libllvmirreader.a" say?
-Dimitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20140525/b5eec96b/attachment.sig>
More information about the freebsd-current
mailing list