Hi,
pon., 24 sty 2022 o 20:48 Marek Zarychta <zarych...@plan-b.pwste.edu.pl> napisał(a): > > Hello Marcin > W dniu 24.01.2022 o 19:43, Marcin Wojtas pisze: > > Hi Marek, > > > > pon., 24 sty 2022 o 08:17 Marek Zarychta > > <zarych...@plan-b.pwste.edu.pl> napisał(a): > >> > >> W dniu 24.01.2022 o 07:42, Marcin Wojtas pisze: > >>> +freebsd-stable@ > >>> > >>> niedz., 23 sty 2022 o 11:36 Marcin Wojtas <m...@semihalf.com> napisał(a): > >>>> > >>>> Hi, > >>>> > >>>> As of 396e9f259d962 the base system binaries are now built as > >>>> position-independent executable (PIE) by default, for 64-bit > >>>> architectures. Thanks to that enabling ASLR can be done simply > >>>> by sysctls knobs when booting the kernel. > >>>> > >>>> If you track stable/13 and normally build WITHOUT_CLEAN you'll need to > >>>> do one initial clean build -- either run `make cleanworld` or set > >>>> WITH_CLEAN=yes. > >>>> > >>>> The change is a pure MFC of the changes integrated to -CURRENT early > >>>> 2021 and no issues are expected, but in case any problems are observed, > >>>> please issue a PR and/or let me know in this thread. > >>>> > >>>> Best regards, > >>>> Marcin > >>> > >> > >> Thanks for enabling this. If I understand it correctly we got some > >> improvements mentioned here[1] and it doesn't imply that ASLR has to be > >> enabled, especially kern.elf64.aslr.pie_enable can be still set to 0 ? > >> > > > > Currently it still remains opt-in on stable/13 and is disabled by default. > > > > Best regards, > > Marcin > > Thanks for the answer. I am not willing to turn ASLR on at this point, > but rather asking if my world, already built with PIE, will bring any > other enhancements or improvements? > If your world is already built with PIE, the MFC'ed patches should make no difference at all. Best regards, Marcin > > > >> > >> [1] https://www.mail-archive.com/freebsd-current@freebsd.org/msg183605.html > >> > > > With kind regards, > > -- > Marek Zarychta
