Re: HEADS-UP: PIE enabled by default on stable/13

Reply: Marek Zarychta : "Re: HEADS-UP: PIE enabled by default on stable/13"
In reply to: Marek Zarychta : "Re: HEADS-UP: PIE enabled by default on stable/13"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Marcin Wojtas <mw_at_semihalf.com>
Date: Mon, 24 Jan 2022 18:43:53 UTC

Hi Marek,

pon., 24 sty 2022 o 08:17 Marek Zarychta
<zarychtam@plan-b.pwste.edu.pl> napisał(a):
>
> W dniu 24.01.2022 o 07:42, Marcin Wojtas pisze:
> > +freebsd-stable@
> >
> > niedz., 23 sty 2022 o 11:36 Marcin Wojtas <mw@semihalf.com> napisał(a):
> >>
> >> Hi,
> >>
> >> As of 396e9f259d962 the base system binaries are now built as position-independent executable (PIE) by default, for 64-bit architectures. Thanks to that enabling ASLR can be done simply
> >> by sysctls knobs when booting the kernel.
> >>
> >> If you track stable/13 and normally build WITHOUT_CLEAN you'll need to do one initial clean build -- either run `make cleanworld` or set WITH_CLEAN=yes.
> >>
> >> The change is a pure MFC of the changes integrated to -CURRENT early 2021 and no issues are expected, but in case any problems are observed, please issue a PR and/or let me know in this thread.
> >>
> >> Best regards,
> >> Marcin
> >
>
> Thanks for enabling this. If I understand it correctly we got some
> improvements mentioned here[1] and it doesn't imply that ASLR has to be
> enabled, especially kern.elf64.aslr.pie_enable can be still set to 0 ?
>

Currently it still remains opt-in on stable/13 and is disabled by default.

Best regards,
Marcin

>
> [1] https://www.mail-archive.com/freebsd-current@freebsd.org/msg183605.html
>