Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-12 Thread Martin Husemann
On Tue, Apr 12, 2016 at 07:59:49PM -0700, Matt Thomas wrote: > The install media don't include ld.elf_so so that's probably the problem > there. > We would need crt0 support for static pie to do the rel/rela relocations > intrinsic to those images. Indeed. Bringing over "-static -pie" support

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-12 Thread Matt Thomas
> On Apr 11, 2016, at 7:29 AM, Martin Husemann wrote: > > On Mon, Apr 11, 2016 at 10:23:11AM -0400, Christos Zoulas wrote: >> I still don't understand why the else part is needed. > > I assumed it had never been tested on anything but amd64 (and your commit > log and the

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-11 Thread Martin Husemann
On Mon, Apr 11, 2016 at 10:23:11AM -0400, Christos Zoulas wrote: > I still don't understand why the else part is needed. I assumed it had never been tested on anything but amd64 (and your commit log and the comments only talked about defaulting amd64 to on). But indeed, w/o aslr turned on for

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-11 Thread Christos Zoulas
On Apr 11, 4:52pm, g...@gson.org (Andreas Gustafsson) wrote: -- Subject: Re: PIE binaries and ASLR are on in the default build for amd64 | Christos Zoulas wrote: | > 2 is ENOENT... It does not find any files? | | This was on i386, and should be fixed by Martin's commit of bsd.own.mk | 1.920. I

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-11 Thread Christos Zoulas
On Apr 11, 9:34am, g...@gson.org (Andreas Gustafsson) wrote: -- Subject: Re: PIE binaries and ASLR are on in the default build for amd64 | Christos Zoulas wrote: | > Please repoort any issues! | | The install media are failing to boot on the testbed: | | exec /sbin/init: error 2 | init:

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-11 Thread Martin Husemann
On Mon, Apr 11, 2016 at 09:34:15AM +0300, Andreas Gustafsson wrote: > Christos Zoulas wrote: > > Please repoort any issues! > > The install media are failing to boot on the testbed: Should be fixed! Martin

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-11 Thread Andreas Gustafsson
Christos Zoulas wrote: > Please repoort any issues! The install media are failing to boot on the testbed: exec /sbin/init: error 2 init: trying /sbin/oinit exec /sbin/oinit: error 2 init: trying /sbin/init.bak exec /sbin/init.bak: error 2 init: trying /rescue/init exec

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-10 Thread Martin Husemann
On Sun, Apr 10, 2016 at 04:42:45PM +, Christos Zoulas wrote: > security.pax.aslr.global: Enable/disable ASLR default (you can > override this on individual binaries > via ELF notes) Hint: see paxctl(8). Other architectures will

Re: PIE binaries and ASLR are on in the default build for amd64

2016-04-10 Thread Christos Zoulas
In article <20160410153633.1bb9817f...@rebar.astron.com>, Christos Zoulas wrote: In more detail: 1. MKPIE is now on, creating PIE binaries; this is done in bsd.own.mk. You can turn it by putting MKPIE=no in /etc/mk.conf. 2. The value of the sysctl