From 5608fd23c27fa1e8ee595d7b678cbfd35d657fbe Mon Sep 17 00:00:00 2001 From: Bryan Drewery Date: Tue, 19 Aug 2014 15:04:32 +0000 Subject: Revert r267233 for now. PIE support needs to be reworked. 1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other build-only utility libraries. 2. Another 40% is fixed by generating _pic.a variants of various libraries. 3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR) where it never would work anyhow, such as csu or loader. This suggests there may be better ways of adding support to the tree. Many of these cases can be fixed such that -fPIE will work but there is really no reason to have it in those cases. 4. Some of the uses are working around hacks done to some Makefiles that are really building libraries but have been using bsd.prog.mk because the code is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have been needed. We likely do want to enable PIE by default (opt-out) for non-tree consumers (such as ports). For in-tree though we probably want to only enable PIE (opt-in) for common attack targets such as remote service daemons and setuid utilities. This is also a great performance compromise since ASLR is expected to reduce performance. As such it does not make sense to enable it in all utilities such as ls(1) that have little benefit to having it enabled. Reported by: kib --- kerberos5/usr.bin/hxtool/Makefile | 2 -- kerberos5/usr.bin/kadmin/Makefile | 2 -- kerberos5/usr.bin/kcc/Makefile | 2 -- kerberos5/usr.bin/kdestroy/Makefile | 2 -- kerberos5/usr.bin/kf/Makefile | 2 -- kerberos5/usr.bin/kgetcred/Makefile | 2 -- kerberos5/usr.bin/kinit/Makefile | 2 -- kerberos5/usr.bin/kpasswd/Makefile | 2 -- kerberos5/usr.bin/ksu/Makefile | 2 -- kerberos5/usr.bin/string2key/Makefile | 2 -- kerberos5/usr.bin/verify_krb5_conf/Makefile | 2 -- 11 files changed, 22 deletions(-) (limited to 'kerberos5/usr.bin') diff --git a/kerberos5/usr.bin/hxtool/Makefile b/kerberos5/usr.bin/hxtool/Makefile index a51dd7df73d6..3946484b78a1 100644 --- a/kerberos5/usr.bin/hxtool/Makefile +++ b/kerberos5/usr.bin/hxtool/Makefile @@ -10,8 +10,6 @@ DPADD= ${LIBHX509} ${LIBROKEN} ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBSL} ${LI LDADD= -lhx509 -lroken -lasn1 -lcrypto -lcrypt ${LIBSL} ${LIBVERS} -ledit SRCS= hxtool.c hxtool-commands.c hxtool-commands.h -NO_PIE= yes - hxtool-commands.h: hxtool-commands.in ${SLC} ${.ALLSRC:M*.in} diff --git a/kerberos5/usr.bin/kadmin/Makefile b/kerberos5/usr.bin/kadmin/Makefile index b01d78923a8d..8ea3efc01564 100644 --- a/kerberos5/usr.bin/kadmin/Makefile +++ b/kerberos5/usr.bin/kadmin/Makefile @@ -36,8 +36,6 @@ LDADD= -lkadm5clnt -lkadm5srv -lhdb -lkrb5 -lhx509 \ -ledit -lncursesw ${LDAPLDADD} LDFLAGS=${LDAPLDFLAGS} -NO_PIE= yes - .include kadmin-commands.h: ${KRB5DIR}/kadmin/kadmin-commands.in diff --git a/kerberos5/usr.bin/kcc/Makefile b/kerberos5/usr.bin/kcc/Makefile index 16487a2362bd..3da43d7a35b2 100644 --- a/kerberos5/usr.bin/kcc/Makefile +++ b/kerberos5/usr.bin/kcc/Makefile @@ -19,8 +19,6 @@ SRCS= kcc.c \ kswitch.c \ copy_cred_cache.c -NO_PIE= yes - kcc-commands.h: kcc-commands.in ${SLC} ${.ALLSRC:M*.in} diff --git a/kerberos5/usr.bin/kdestroy/Makefile b/kerberos5/usr.bin/kdestroy/Makefile index 6ec3e9b294a2..b3946e42fd29 100644 --- a/kerberos5/usr.bin/kdestroy/Makefile +++ b/kerberos5/usr.bin/kdestroy/Makefile @@ -8,8 +8,6 @@ LDADD= -lkafs5 -lkrb5 -lheimntlm -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt MAN= kdestroy.1 -NO_PIE= yes - .include .PATH: ${KRB5DIR}/kuser diff --git a/kerberos5/usr.bin/kf/Makefile b/kerberos5/usr.bin/kf/Makefile index 024470072197..c9d3fceb14f8 100644 --- a/kerberos5/usr.bin/kf/Makefile +++ b/kerberos5/usr.bin/kf/Makefile @@ -9,8 +9,6 @@ DPADD= ${LIBKRB5} ${LIBROKEN} ${LIBASN1} ${LIBCRYPTO} \ LDADD= -lkrb5 -lroken -lasn1 -lcrypto -lcrypt \ ${LIBVERS} -NO_PIE= yes - .include .PATH: ${KRB5DIR}/appl/kf diff --git a/kerberos5/usr.bin/kgetcred/Makefile b/kerberos5/usr.bin/kgetcred/Makefile index d6ca2fc23ea3..dac38adcc18a 100644 --- a/kerberos5/usr.bin/kgetcred/Makefile +++ b/kerberos5/usr.bin/kgetcred/Makefile @@ -6,8 +6,6 @@ CFLAGS+= -I${KRB5DIR}/lib/asn1 \ DPADD= ${LIBKRB5} ${LIBROKEN} ${LIBASN1} ${LIBCRYPTO} ${LIBCRYPT} ${LIBVERS} LDADD= -lkrb5 -lroken -lasn1 -lcrypto -lcrypt ${LIBVERS} -NO_PIE= yes - .include .PATH: ${KRB5DIR}/kuser diff --git a/kerberos5/usr.bin/kinit/Makefile b/kerberos5/usr.bin/kinit/Makefile index cefadf31f4c9..e0229f98079d 100644 --- a/kerberos5/usr.bin/kinit/Makefile +++ b/kerberos5/usr.bin/kinit/Makefile @@ -7,8 +7,6 @@ DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHEIMNTLM} ${LIBROKEN} ${LIBVERS} \ LDADD= -lkafs5 -lkrb5 -lheimntlm -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err -NO_PIE= yes - .include .PATH: ${KRB5DIR}/kuser diff --git a/kerberos5/usr.bin/kpasswd/Makefile b/kerberos5/usr.bin/kpasswd/Makefile index 2663892db08b..a9ab1c99ec89 100644 --- a/kerberos5/usr.bin/kpasswd/Makefile +++ b/kerberos5/usr.bin/kpasswd/Makefile @@ -7,8 +7,6 @@ DPADD= ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ LDADD= -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err -NO_PIE= yes - .include .PATH: ${KRB5DIR}/kpasswd diff --git a/kerberos5/usr.bin/ksu/Makefile b/kerberos5/usr.bin/ksu/Makefile index 3f4ba31f6cde..9e2786577ff8 100644 --- a/kerberos5/usr.bin/ksu/Makefile +++ b/kerberos5/usr.bin/ksu/Makefile @@ -13,8 +13,6 @@ DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err -NO_PIE= yes - .include .PATH: ${KRB5DIR}/appl/su diff --git a/kerberos5/usr.bin/string2key/Makefile b/kerberos5/usr.bin/string2key/Makefile index 32797f3212c8..fc790e24dd88 100644 --- a/kerberos5/usr.bin/string2key/Makefile +++ b/kerberos5/usr.bin/string2key/Makefile @@ -11,8 +11,6 @@ DPADD= ${LIBHDB} ${LIBKRB5} ${LIBROKEN} ${LIBASN1} ${LIBCRYPTO} \ ${LIBCRYPT} ${LIBVERS} LDADD= -lhdb -lkrb5 -lroken -lasn1 -lcrypto -lcrypt ${LIBVERS} -NO_PIE= yes - .include .PATH: ${KRB5DIR}/kdc diff --git a/kerberos5/usr.bin/verify_krb5_conf/Makefile b/kerberos5/usr.bin/verify_krb5_conf/Makefile index 9968dd6018e6..830e66a29115 100644 --- a/kerberos5/usr.bin/verify_krb5_conf/Makefile +++ b/kerberos5/usr.bin/verify_krb5_conf/Makefile @@ -8,8 +8,6 @@ DPADD= ${LIBKAFS5} ${LIBKRB5} ${LIBHX509} ${LIBROKEN} ${LIBVERS} \ LDADD= -lkafs5 -lkrb5 -lhx509 -lroken ${LIBVERS} \ -lasn1 -lcrypto -lcrypt -lcom_err -NO_PIE= yes - .include .PATH: ${KRB5DIR}/lib/krb5 -- cgit v1.2.3