diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-08-19 15:04:32 +0000 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2014-08-19 15:04:32 +0000 |
| commit | 5608fd23c27fa1e8ee595d7b678cbfd35d657fbe (patch) | |
| tree | f5585fe1edc0507d12a8ac9729befa9b67327239 /usr.sbin | |
| parent | 7e1c22c4764b44758d6a65bad9fc5c6c108737d0 (diff) | |
| download | src-5608fd23c27fa1e8ee595d7b678cbfd35d657fbe.tar.gz src-5608fd23c27fa1e8ee595d7b678cbfd35d657fbe.zip | |
Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
Notes
Notes:
svn path=/head/; revision=270168
Diffstat (limited to 'usr.sbin')
37 files changed, 0 insertions, 74 deletions
diff --git a/usr.sbin/amd/amd/Makefile b/usr.sbin/amd/amd/Makefile index fdcbd601e5c9..1fc41bfe20d0 100644 --- a/usr.sbin/amd/amd/Makefile +++ b/usr.sbin/amd/amd/Makefile @@ -24,8 +24,6 @@ SRCS+= ops_nullfs.c ops_pcfs.c ops_tfs.c ops_ufs.c ops_umapfs.c SRCS+= ops_unionfs.c opts.c readdir.c restart.c rpc_fwd.c sched.c SRCS+= srvr_amfs_auto.c srvr_nfs.c -NO_PIE= yes - CFLAGS+= -I${.CURDIR}/../../../contrib/amd/amd \ -I${DESTDIR}/usr/include/rpcsvc diff --git a/usr.sbin/amd/amq/Makefile b/usr.sbin/amd/amq/Makefile index 40257c308b98..74fc7492f524 100644 --- a/usr.sbin/amd/amq/Makefile +++ b/usr.sbin/amd/amq/Makefile @@ -17,6 +17,4 @@ CFLAGS+= -I${.CURDIR}/../../../contrib/amd/amq DPADD= ${LIBAMU} LDADD= ${LIBAMU} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/amd/fixmount/Makefile b/usr.sbin/amd/fixmount/Makefile index 1838fb29ba33..7f96a456dfe4 100644 --- a/usr.sbin/amd/fixmount/Makefile +++ b/usr.sbin/amd/fixmount/Makefile @@ -18,6 +18,4 @@ SRCS+= checkmount_bsd44.c DPADD= ${LIBAMU} ${LIBRPCSVC} LDADD= ${LIBAMU} -lrpcsvc -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/amd/fsinfo/Makefile b/usr.sbin/amd/fsinfo/Makefile index 83becb2c5b3d..1695a469f980 100644 --- a/usr.sbin/amd/fsinfo/Makefile +++ b/usr.sbin/amd/fsinfo/Makefile @@ -13,8 +13,6 @@ SRCS= fsi_gram.y fsi_lex.l SRCS+= fsi_analyze.c fsi_dict.c fsi_util.c fsinfo.c wr_atab.c SRCS+= wr_bparam.c wr_dumpset.c wr_exportfs.c wr_fstab.c -NO_PIE= yes - CFLAGS+= -I${.CURDIR}/../../../contrib/amd/fsinfo DPADD= ${LIBAMU} diff --git a/usr.sbin/amd/hlfsd/Makefile b/usr.sbin/amd/hlfsd/Makefile index dca94da6bb95..5b863dd5adcd 100644 --- a/usr.sbin/amd/hlfsd/Makefile +++ b/usr.sbin/amd/hlfsd/Makefile @@ -16,6 +16,4 @@ CFLAGS+= -I${.CURDIR}/../../../contrib/amd/hlfsd DPADD= ${LIBAMU} LDADD= ${LIBAMU} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/amd/mk-amd-map/Makefile b/usr.sbin/amd/mk-amd-map/Makefile index bed9e30c9b91..57fd6a5f0bdc 100644 --- a/usr.sbin/amd/mk-amd-map/Makefile +++ b/usr.sbin/amd/mk-amd-map/Makefile @@ -13,6 +13,4 @@ MAN= mk-amd-map.8 DPADD= ${LIBAMU} LDADD= ${LIBAMU} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/amd/pawd/Makefile b/usr.sbin/amd/pawd/Makefile index 612acedf7a8a..c6bb1cc37a0b 100644 --- a/usr.sbin/amd/pawd/Makefile +++ b/usr.sbin/amd/pawd/Makefile @@ -17,6 +17,4 @@ CFLAGS+= -I${.CURDIR}/../../../contrib/amd/amq DPADD= ${LIBAMU} LDADD= ${LIBAMU} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/amd/wire-test/Makefile b/usr.sbin/amd/wire-test/Makefile index f96076863735..a07e6902fe76 100644 --- a/usr.sbin/amd/wire-test/Makefile +++ b/usr.sbin/amd/wire-test/Makefile @@ -13,6 +13,4 @@ MAN= wire-test.8 DPADD= ${LIBAMU} LDADD= ${LIBAMU} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/btxld/Makefile b/usr.sbin/btxld/Makefile index 8df8fa1c39fe..32cf99d5edac 100644 --- a/usr.sbin/btxld/Makefile +++ b/usr.sbin/btxld/Makefile @@ -4,6 +4,4 @@ PROG= btxld MAN= btxld.8 SRCS= btxld.c elfh.c -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/cron/cron/Makefile b/usr.sbin/cron/cron/Makefile index c7762f180b64..d9a1d247d41e 100644 --- a/usr.sbin/cron/cron/Makefile +++ b/usr.sbin/cron/cron/Makefile @@ -11,6 +11,4 @@ LDADD= ${LIBCRON} ${MINUSLPAM} -lutil WARNS?= 2 -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/cron/crontab/Makefile b/usr.sbin/cron/crontab/Makefile index cd9600ae8184..829128e5729e 100644 --- a/usr.sbin/cron/crontab/Makefile +++ b/usr.sbin/cron/crontab/Makefile @@ -15,6 +15,4 @@ CFLAGS+= -I${.CURDIR}/../cron DPADD= ${LIBCRON} ${LIBMD} ${LIBUTIL} LDADD= ${LIBCRON} -lmd -lutil -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/crunch/crunchgen/Makefile b/usr.sbin/crunch/crunchgen/Makefile index 7b07f2bd2a2a..8d0a78b19027 100644 --- a/usr.sbin/crunch/crunchgen/Makefile +++ b/usr.sbin/crunch/crunchgen/Makefile @@ -4,8 +4,6 @@ PROG= crunchgen SRCS= crunchgen.c crunched_skel.c CLEANFILES+= crunched_skel.c -NO_PIE= yes - crunched_skel.c: crunched_main.c sh -e ${.CURDIR}/mkskel.sh ${.CURDIR}/crunched_main.c >crunched_skel.c diff --git a/usr.sbin/crunch/crunchide/Makefile b/usr.sbin/crunch/crunchide/Makefile index e328aa412c2c..ab8b9020fff7 100644 --- a/usr.sbin/crunch/crunchide/Makefile +++ b/usr.sbin/crunch/crunchide/Makefile @@ -3,8 +3,6 @@ PROG= crunchide SRCS= crunchide.c -NO_PIE= yes - TARGET_ARCH?= ${MACHINE_ARCH} .if ${TARGET_ARCH} == i386 && ${MACHINE_ARCH} == i386 diff --git a/usr.sbin/editmap/Makefile b/usr.sbin/editmap/Makefile index 8b4562cf1163..92d8392bf1f8 100644 --- a/usr.sbin/editmap/Makefile +++ b/usr.sbin/editmap/Makefile @@ -33,8 +33,6 @@ DPADD+=${SENDMAIL_DPADD} LDADD+=${SENDMAIL_LDADD} LDFLAGS+=${SENDMAIL_LDFLAGS} -NO_PIE= yes - sm_os.h: ln -sf ${SENDMAIL_DIR}/include/sm/os/sm_os_freebsd.h sm_os.h diff --git a/usr.sbin/fifolog/fifolog_create/Makefile b/usr.sbin/fifolog/fifolog_create/Makefile index 38a66233d35b..8b59b25ed251 100644 --- a/usr.sbin/fifolog/fifolog_create/Makefile +++ b/usr.sbin/fifolog/fifolog_create/Makefile @@ -12,8 +12,6 @@ MLINKS= fifolog.1 fifolog_create.1 \ fifolog.1 fifolog_reader.1 \ fifolog.1 fifolog_writer.1 -NO_PIE= yes - regress: rm -f /tmp/fifolog.? ./${PROG} /tmp/fifolog.0 diff --git a/usr.sbin/fifolog/fifolog_reader/Makefile b/usr.sbin/fifolog/fifolog_reader/Makefile index dfbb73f0ce3c..c88f10e95295 100644 --- a/usr.sbin/fifolog/fifolog_reader/Makefile +++ b/usr.sbin/fifolog/fifolog_reader/Makefile @@ -9,8 +9,6 @@ MAN= DPADD= ${LIBFIFOLOG} ${LIBUTIL} ${LIBZ} LDADD= ${LIBFIFOLOG} -lutil -lz -NO_PIE= yes - regress: ./${PROG} /tmp/fifolog.0 ./${PROG} -t /tmp/fifolog.0 diff --git a/usr.sbin/fifolog/fifolog_writer/Makefile b/usr.sbin/fifolog/fifolog_writer/Makefile index 3e6e37790aac..9d802c7eb3ee 100644 --- a/usr.sbin/fifolog/fifolog_writer/Makefile +++ b/usr.sbin/fifolog/fifolog_writer/Makefile @@ -9,8 +9,6 @@ MAN= DPADD= ${LIBFIFOLOG} ${LIBUTIL} ${LIBZ} LDADD= ${LIBFIFOLOG} -lutil -lz -NO_PIE= yes - regress: date | ./${PROG} -z 0 /tmp/fifolog.0 lptest 65 | ./${PROG} -z 9 /tmp/fifolog.1 diff --git a/usr.sbin/ftp-proxy/ftp-proxy/Makefile b/usr.sbin/ftp-proxy/ftp-proxy/Makefile index 686bac436e1e..de4988815016 100644 --- a/usr.sbin/ftp-proxy/ftp-proxy/Makefile +++ b/usr.sbin/ftp-proxy/ftp-proxy/Makefile @@ -14,6 +14,4 @@ DPADD+= ${LIBEVENT} WARNS?= 3 -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/chkprintcap/Makefile b/usr.sbin/lpr/chkprintcap/Makefile index 1ea2254f958e..ffffffbb2bd1 100644 --- a/usr.sbin/lpr/chkprintcap/Makefile +++ b/usr.sbin/lpr/chkprintcap/Makefile @@ -11,6 +11,4 @@ CFLAGS+= -I${.CURDIR}/../common_source DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/lpc/Makefile b/usr.sbin/lpr/lpc/Makefile index 7f228d666c38..92ca9e8faf46 100644 --- a/usr.sbin/lpr/lpc/Makefile +++ b/usr.sbin/lpr/lpc/Makefile @@ -16,6 +16,4 @@ WARNS?= 0 DPADD= ${LIBLPR} ${LIBEDIT} ${LIBTERMCAPW} LDADD= ${LIBLPR} -ledit -ltermcapw -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/lpd/Makefile b/usr.sbin/lpr/lpd/Makefile index bd3e25a8b545..0d7d93ef79d9 100644 --- a/usr.sbin/lpr/lpd/Makefile +++ b/usr.sbin/lpr/lpd/Makefile @@ -12,6 +12,4 @@ WARNS?= 1 DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/lpq/Makefile b/usr.sbin/lpr/lpq/Makefile index 1c2504b899e5..4df437e06c32 100644 --- a/usr.sbin/lpr/lpq/Makefile +++ b/usr.sbin/lpr/lpq/Makefile @@ -13,6 +13,4 @@ CFLAGS+= -I${.CURDIR}/../common_source DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/lpr/Makefile b/usr.sbin/lpr/lpr/Makefile index cfeebb059d0c..1894b0089c04 100644 --- a/usr.sbin/lpr/lpr/Makefile +++ b/usr.sbin/lpr/lpr/Makefile @@ -18,6 +18,4 @@ WARNS?= 2 DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/lprm/Makefile b/usr.sbin/lpr/lprm/Makefile index bd7e321b5501..44bc93ac27ec 100644 --- a/usr.sbin/lpr/lprm/Makefile +++ b/usr.sbin/lpr/lprm/Makefile @@ -15,6 +15,4 @@ CFLAGS+= -I${.CURDIR}/../common_source DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/lpr/pac/Makefile b/usr.sbin/lpr/pac/Makefile index 3a157c9258ca..bd895a71a305 100644 --- a/usr.sbin/lpr/pac/Makefile +++ b/usr.sbin/lpr/pac/Makefile @@ -11,6 +11,4 @@ CFLAGS+= -I${.CURDIR}/../common_source DPADD= ${LIBLPR} LDADD= ${LIBLPR} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/mailstats/Makefile b/usr.sbin/mailstats/Makefile index a3cd5623b3f0..bd72fc6c5b76 100644 --- a/usr.sbin/mailstats/Makefile +++ b/usr.sbin/mailstats/Makefile @@ -31,8 +31,6 @@ DPADD+= ${SENDMAIL_DPADD} LDADD+= ${SENDMAIL_LDADD} LDFLAGS+= ${SENDMAIL_LDFLAGS} -NO_PIE= yes - sm_os.h: ln -sf ${SENDMAIL_DIR}/include/sm/os/sm_os_freebsd.h sm_os.h diff --git a/usr.sbin/makefs/Makefile b/usr.sbin/makefs/Makefile index 0e03fd3e35af..62531488128e 100644 --- a/usr.sbin/makefs/Makefile +++ b/usr.sbin/makefs/Makefile @@ -38,6 +38,4 @@ LDADD+= ${LIBNETBSD} DPADD+= ${LIBSBUF} ${LIBUTIL} LDADD+= -lsbuf -lutil -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/makemap/Makefile b/usr.sbin/makemap/Makefile index 2c2eef555c7b..80cafcbcfdba 100644 --- a/usr.sbin/makemap/Makefile +++ b/usr.sbin/makemap/Makefile @@ -34,8 +34,6 @@ DPADD+=${SENDMAIL_DPADD} LDADD+=${SENDMAIL_LDADD} LDFLAGS+=${SENDMAIL_LDFLAGS} -NO_PIE= yes - sm_os.h: ln -sf ${SENDMAIL_DIR}/include/sm/os/sm_os_freebsd.h sm_os.h diff --git a/usr.sbin/nmtree/Makefile b/usr.sbin/nmtree/Makefile index e09f3c410feb..9d24c0c4f92f 100644 --- a/usr.sbin/nmtree/Makefile +++ b/usr.sbin/nmtree/Makefile @@ -23,6 +23,4 @@ LDADD+= ${LIBNETBSD} LINKS= ${BINDIR}/mtree ${BINDIR}/nmtree MLINKS= mtree.8 nmtree.8 -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntp-keygen/Makefile b/usr.sbin/ntp/ntp-keygen/Makefile index 50753508461d..78308fae0ac8 100644 --- a/usr.sbin/ntp/ntp-keygen/Makefile +++ b/usr.sbin/ntp/ntp-keygen/Makefile @@ -21,6 +21,4 @@ DPADD+= ${LIBMD} ${LIBCRYPTO} LDADD+= -lmd -lcrypto .endif -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntpd/Makefile b/usr.sbin/ntp/ntpd/Makefile index 3422ad2ad0de..87b2d72b8544 100644 --- a/usr.sbin/ntp/ntpd/Makefile +++ b/usr.sbin/ntp/ntpd/Makefile @@ -4,8 +4,6 @@ MAN= .include <src.opts.mk> -NO_PIE= yes - .PATH: ${.CURDIR}/../../../contrib/ntp/ntpd PROG= ntpd diff --git a/usr.sbin/ntp/ntpdate/Makefile b/usr.sbin/ntp/ntpdate/Makefile index ea0fe1e4b2f8..f55ec92bc5d9 100644 --- a/usr.sbin/ntp/ntpdate/Makefile +++ b/usr.sbin/ntp/ntpdate/Makefile @@ -13,8 +13,6 @@ LDADD= ${LIBNTP} -lm -lmd -lrt CLEANFILES+= .version version.c -NO_PIE= yes - version.c: sh -e ${.CURDIR}/../scripts/mkver ntpdate diff --git a/usr.sbin/ntp/ntpdc/Makefile b/usr.sbin/ntp/ntpdc/Makefile index e4e8960982d4..d3c37e1b8fcb 100644 --- a/usr.sbin/ntp/ntpdc/Makefile +++ b/usr.sbin/ntp/ntpdc/Makefile @@ -22,8 +22,6 @@ CFLAGS+= -DHAVE_LIBEDIT -DHAVE_READLINE_READLINE_H \ CLEANFILES+= .version version.c -NO_PIE= yes - version.c: sh -e ${.CURDIR}/../scripts/mkver ntpdc diff --git a/usr.sbin/ntp/ntpq/Makefile b/usr.sbin/ntp/ntpq/Makefile index a1ddcd4cd931..369bd588e12e 100644 --- a/usr.sbin/ntp/ntpq/Makefile +++ b/usr.sbin/ntp/ntpq/Makefile @@ -24,8 +24,6 @@ CFLAGS+= -DHAVE_LIBEDIT -DHAVE_READLINE_READLINE_H \ CLEANFILES+= .version version.c -NO_PIE= yes - version.c: sh -e ${.CURDIR}/../scripts/mkver ntpq diff --git a/usr.sbin/ntp/ntptime/Makefile b/usr.sbin/ntp/ntptime/Makefile index af3f9051e875..d3bf7a74cfd9 100644 --- a/usr.sbin/ntp/ntptime/Makefile +++ b/usr.sbin/ntp/ntptime/Makefile @@ -10,6 +10,4 @@ CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include -I${.CURDIR}/../ DPADD= ${LIBNTP} LDADD= ${LIBNTP} -NO_PIE= yes - .include <bsd.prog.mk> diff --git a/usr.sbin/praliases/Makefile b/usr.sbin/praliases/Makefile index e1a9a2a79384..120028d6997b 100644 --- a/usr.sbin/praliases/Makefile +++ b/usr.sbin/praliases/Makefile @@ -34,8 +34,6 @@ LDFLAGS+=${SENDMAIL_LDFLAGS} DPADD+= ${SENDMAIL_DPADD} LDADD+= ${SENDMAIL_LDADD} -NO_PIE= yes - sm_os.h: ln -sf ${SENDMAIL_DIR}/include/sm/os/sm_os_freebsd.h sm_os.h diff --git a/usr.sbin/sendmail/Makefile b/usr.sbin/sendmail/Makefile index ffd22bd06a3b..893b6fd0d70a 100644 --- a/usr.sbin/sendmail/Makefile +++ b/usr.sbin/sendmail/Makefile @@ -7,8 +7,6 @@ SENDMAIL_DIR=${.CURDIR}/../../contrib/sendmail SMDIR= ${SENDMAIL_DIR}/src .PATH: ${SMDIR} -NO_PIE= yes - BINDIR= /usr/libexec/sendmail PROG= sendmail |