On May 10, 2014, at 10:45 AM, Shawn Webb <latt...@gmail.com> wrote:

> Hey All,
> It seems that the recent changes to the makefiles for building
> world/kernel have broken some modifications I have locally for
> implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd
> ask for a bit of help. I'm sure the solution is quite simple.
> My code is up on GitHub. I'll include links at the bottom of the email.
> The code in question is in share/mk/bsd.prog.mk, where I'm checking to
> see if MK_PIE is not equal to "no". Prior to the recent changes, this
> code used to work. (Please note that I know that the way I'm cheking is
> a bit bloated, if anyone has any suggestions to trim my code down, let
> me know).

You’ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since
bsd.*.mk files need it.

> How this feature is supposed to work is:
> 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building
> applications as position-independent executables opt-in.
> 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf
> 3) The application being built needs to also specify CAN_PIE=1 in its
> Makefile. This is because some applications don't support being built as
> a position-independent executable.
> 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional
> The log from my build is here: http://ix.io/cf0
> My code is here:
> https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22

Maybe RESCUE should define NO_SHARED=yes since it is building a
static binary so you can eliminate a special case that infects the bsd.*.mk 
with defines from our src build?

Hate that you are propagating the NO_SHARED=no interface, but can’t
offer at better suggestion at the moment. I’d kinda like to kill that…


> Thanks,
> Shawn
> CC: i...@bsdimp.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to