tech-pkg archive


Re: Enabling PKGSRC_MKPIE by default



On Oct 28, 10:05am, Greg Troxel wrote:
} Pierre Pronchery <khorben%defora.org@localhost> writes:
} 
} > The good news is that I just found a couple issues with PKGSRC_MKPIE in
} > the cwrappers, and could come up with a corresponding patch (attached).
} > While I let Joerg review it (as trivial as it seems to be), I would like
} > to ask if I can flip the switch once that patch is committed, so that we
} > can find as much as possible of the remaining fallout soon, and 2017Q4
} > ships with PKGSRC_MKPIE enabled by default.
} 
} It may be approaching time (and definitely it's good to be away from the
} branch), but I think we need to pause for discussion and there are in my
} view too many loose ends (which I'd be very happy to see cleaned up).
} 
} So for now, I object.
} 
} With the variable abuse and documentation issues resolved, and a bit
} more information about testing, I expect to withdraw my objection.
} 
} A quick grep of PIE in pkgsrc/doc/pkgsrc.txt turns up nothing.  SSP and
} FORTIFY are similarly undocumented.  There was perhaps a notion that the
} documentation was coming in arrears, but I think we should have required
} that before enabling those by default.   Someone who really understands
} the details can explain this in not very many sentences, but the
} relationship of MKPIE and ASLR is not so obvious that "MKPIE turns on
} PIE!" would be adequate.
} 
} My impression is that PKGSRC_MKPIE is a global user-settable variable to
} enable this, and you're talking about changing the value.  There doesn't
} seem to be a per-package variable to be set when enabling this breaks
} the package.  (I realize you may intend to fix all of those, but the
} history of pkgsrc is that some things get fixed and some don't; see
} MAKE_JOBS_SAFE for examples...)  I realize also that previous hardening
} features don't do this, and I think we need to stop diverging from the
} plan of keeping user-settable and package-settable controls separate.
} This seems relatively easy; I'd suggest we have MKPIE_SAFE=no in
} packages to denote that MKPIE needs to be turned off for that package.
} (Similarly, we need SSP_SAFE and FORTIFY_SAFE per-package variables.)

     On a side note, is PKGSRC_USE_SSP intended to be a user-settable
or package-settable variable?  Packages like xenkernel* use it as
if it is package-settable since there was likely nothing better at
the time.

     And, yes, there is a lot of stuff missing from the pkgsrc
guide.  There are a number of things where the only "documentation"
is looking for prior art or asking a longtime pkgsrc developer.

}-- End of excerpt from Greg Troxel

