On Thu, 8 Oct 2009, Daniel Eischen wrote:
While it's probably a bug that the Samba port compiles --pie, it's also a
bug that our linking bits aren't handling PIE properly either. The goal is
to fix PIE with the non-NULL mapping feature in the immediate future, so
with any luck the abort message won't matter too much longer.
How about reverting this change or defaulting security.bsd.map_at_zero=1
until either ports can handle this properly or our -pie is fixed, and we've
had at least a release with pre-built packages that don't have the problem?
Sorry, I should have been more clear: the problem is with run-time linking,
not compile-time linking. Kostik has just posted patches for the run-time
linker to current@, which should allow the existing binaries to work with
map_at_zero=0. If we aren't able to get the run-time linker fixes into 8.0,
we will definitely revert the default change for map_at_zero so that it is
enabled. However, since there is a significant security benefit to shipping
with map_at_zero disabled, I think we should try hard to ship 8.0 with a fixed
rtld.
Robert
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
