Hello Marcin W dniu 24.01.2022 o 19:43, Marcin Wojtas pisze:
Hi Marek,pon., 24 sty 2022 o 08:17 Marek Zarychta <zarych...@plan-b.pwste.edu.pl> napisał(a):W dniu 24.01.2022 o 07:42, Marcin Wojtas pisze:+freebsd-stable@ niedz., 23 sty 2022 o 11:36 Marcin Wojtas <m...@semihalf.com> napisał(a):Hi, As of 396e9f259d962 the base system binaries are now built as position-independent executable (PIE) by default, for 64-bit architectures. Thanks to that enabling ASLR can be done simply by sysctls knobs when booting the kernel. If you track stable/13 and normally build WITHOUT_CLEAN you'll need to do one initial clean build -- either run `make cleanworld` or set WITH_CLEAN=yes. The change is a pure MFC of the changes integrated to -CURRENT early 2021 and no issues are expected, but in case any problems are observed, please issue a PR and/or let me know in this thread. Best regards, MarcinThanks for enabling this. If I understand it correctly we got some improvements mentioned here[1] and it doesn't imply that ASLR has to be enabled, especially kern.elf64.aslr.pie_enable can be still set to 0 ?Currently it still remains opt-in on stable/13 and is disabled by default. Best regards, Marcin
Thanks for the answer. I am not willing to turn ASLR on at this point, but rather asking if my world, already built with PIE, will bring any other enhancements or improvements?
[1] https://www.mail-archive.com/freebsd-current@freebsd.org/msg183605.html
With kind regards, -- Marek Zarychta
OpenPGP_signature
Description: OpenPGP digital signature
