Pierre Pronchery <khorben%defora.org@localhost> writes:

> The good news is that I just found a couple issues with PKGSRC_MKPIE in
> the cwrappers, and could come up with a corresponding patch (attached).
> While I let Joerg review it (as trivial as it seems to be), I would like
> to ask if I can flip the switch once that patch is committed, so that we
> can find as much as possible of the remaining fallout soon, and 2017Q4
> ships with PKGSRC_MKPIE enabled by default.

It may be approaching time (and definitely it's good to be away from the branch), but I think we need to pause for discussion, and there are in my view too many loose ends (which I'd be very happy to see cleaned up). So for now, I object. With the variable abuse and documentation issues resolved, and a bit more information about testing, I expect to withdraw my objection.

A quick grep of PIE in pkgsrc/doc/pkgsrc.txt turns up nothing. SSP and FORTIFY are similarly undocumented. There was perhaps a notion that the documentation was coming in arrears, but I think we should have required that before enabling those by default. Someone who really understands the details can explain this in not very many sentences, but the relationship of MKPIE and ASLR is not so obvious that "MKPIE turns on PIE!" would be adequate.

My impression is that PKGSRC_MKPIE is a global user-settable variable to enable this, and you're talking about changing the value. There doesn't seem to be a per-package variable to be set when enabling this breaks the package. (I realize you may intend to fix all of those, but the history of pkgsrc is that some things get fixed and some don't; see MAKE_JOBS_SAFE for examples...) I realize also that previous hardening features don't do this, and I think we need to stop diverging from the plan of keeping user-settable and package-settable controls separate. This seems relatively easy; I'd suggest we have MKPIE_SAFE=no in packages to denote that MKPIE needs to be turned off for that package.

(Similarly, we need SSP_SAFE and FORTIFY_SAFE per-package variables.)

Would you be able to add this to the pkgsrc guide, explaining both the user-settable variable and the package-settable variable, including a few hints for packagers to tell when there's a problem caused by this? I realize some find the XML unwieldy, but we have a history of someone trying to get it right and adding things, and others being happy to regen/fix as a team effort to improve our documentation.

Have you tested with and without cwrappers? So far, both have to work.

Do you mean that this is only active on NetBSD/{i386,amd64} >=8? What happens on older versions of NetBSD?

How much testing has happened? It sounds like you have built a lot of packages, and I've seen the commits. Can you explain how many on i386 and amd64? On NetBSD 6, 7, 8, -current? Did you run "make test" on those?