PIE/PIC support on base
Baptiste Daroussin
bapt at FreeBSD.org
Thu Oct 16 22:12:54 UTC 2014
On Thu, Oct 16, 2014 at 11:59:52PM +0200, Jeremie Le Hen wrote:
> On Thu, Oct 16, 2014 at 8:21 PM, David Carlier
> <david.carlier at hardenedbsd.org> wrote:
> >
> > I chose the "atomic" approach; at the moment very few binaries are
> > concerned. So I applied INCLUDE_PIC_ARCHIVE in the needed
> > libraries plus created WITH_PIE, which adds fPIE/fpie -pie flags only if you
> > include <bsd.prog.pie.mk> (which includes <bsd.prog.mk>...); otherwise other
> > binaries include <bsd.prog.mk> as usual, hence it does not apply. Does this look
> > like a reasonable approach?
I would prefer the USE_PIE=yes approach (Warner would have a better view on
the proper approach :)) and to make bsd.prog.mk aware of it.
>
> I think I understand what you mean. But I think PIE is commonplace
> nowadays and I don't understand what you win by not enabling it for
> the whole system. Is it a performance concern? Is it to preserve
> conservative minds from too much change? :)
>
I have not seen any operating system where PIE is enabled by default on every
single binary, and yes, PIE has a performance impact.
It also has an infrastructure cost, meaning we have to create PIC-enabled archives
for at least every single INTERNALLIB and cherry-pick the right .a depending on
the target we are building (static binaries or dynamic ones).
regards,
Bapt