On Sat, 3 Oct 2009, Andre Albsmeier wrote:


On Sat, 03-Oct-2009 at 16:27:32 -0400, jhell wrote:
On Sat, 3 Oct 2009 14:42 -0000, Andre.Albsmeier wrote:


after setting security.bsd.map_at_zero to 0 on 7.2-STABLE all
samba33 programmes did abort() immediately after start. The
solution was to use

CONFIGURE_ARGS+= --disable-pie


To add an additional note samba33 even when not running (not enabled by a rcvar)
also runs a tdbcleanup routine on shutdown and/or start that also does

Yes, every samba programme is linked with -pie per default (so
all abort()).

Thanks for reporting the issue.  People are aware of the problem now
and we'll try to present a solution within the next days for better
position-independent executable (PIE) handling.

Meanwhile there are multiple solutions for people affected:

(1) recompile the port; but as more than just samba might be affected
    and we generally do not want to flip the pie switch everywhere that's
probably only a temporary, private solution.

At the current time ports people should NOT commit any changes to add
this option to ports to work around the problem.

(2) If you are on 7.x or 6.x, and you are experiencing this problem
    you flipped the sysctl or tunable yourself.
If you are on 8.x or 9.x the feature is enabled by default.

As hinted in the errata notice[1] you can use the tunable or sysctl
to change the behaviour, (temporary) allowing 0-mappings, if you can
accept the possible risk the change tries to mitigate.
The tunable/sysctl in question is:
and should be set to 1 to permit 0-mappings.
This might be the easier option in contrast to (1).
If you do this do not forget to change it back again once the issue
will be patched.
You should also make sure that you are running with a fully patched kernel.

As we will try to keep the default in 8.x and 9.x to disallow user
mappings at virtual address 0,  we are interested in further issues
that were not yet metnioned in either this thread or the Errata Notice.


[1]  http://security.freebsd.org/advisories/FreeBSD-EN-09:05.null.asc

Bjoern A. Zeeb         It will not break if you know what you are doing.
freebsd-stable@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to