Skip to content

Commit

Permalink
features: Add support to build ports as PIE executables.
Browse files Browse the repository at this point in the history 
This will allow utilization of ASLR provided by the kernel.

Sponsored by:	Netflix
  • Loading branch information
@jatinkataria @bapt
jatinkataria authored and bapt committed Oct 26, 2022
1 parent e3400d4 commit c6e7c89
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 4 deletions.
14 changes: 14 additions & 0 deletions Mk/Features/pie.mk
View file
@@ -0,0 +1,14 @@
# PIE Support

.if !defined(_PIE_MK_INCLUDED)
_PIE_MK_INCLUDED= yes
PIE_Include_MAINTAINER= portmgr@FreeBSD.org

. if !defined(PIE_UNSAFE)
PIE_CFLAGS?= -fPIE -fPIC
CFLAGS+= ${PIE_CFLAGS}
CXXFLAGS+= ${PIE_CFLAGS}
LDFLAGS+= -pie
. endif
.endif

7 changes: 6 additions & 1 deletion Mk/Uses/go.mk
View file
Expand Up @@ -90,7 +90,12 @@ GO_PKGNAME= ${PORTNAME}
GO_TARGET?= ${GO_PKGNAME}
GO_TESTTARGET?= ./...

GO_BUILDFLAGS+= -v -buildmode=exe -trimpath
.if !defined(PIE_UNSAFE)
GO_BUILDFLAGS+= -buildmode=pie
.else
GO_BUILDFLAGS+= -buildmode=exe
.endif
GO_BUILDFLAGS+= -v -trimpath
. if !defined(WITH_DEBUG) && empty(GO_BUILDFLAGS:M-ldflags*)
GO_BUILDFLAGS+= -ldflags=-s
. endif
Expand Down
9 changes: 6 additions & 3 deletions Mk/bsd.port.mk
View file
Expand Up @@ -339,6 +339,11 @@ FreeBSD_MAINTAINER= portmgr@FreeBSD.org
# can be used in Makefiles by port maintainers
# if a port breaks with it (it should be
# extremely rare).
# PIE_CFLAGS - Defaults to -fPIE -fPIC. This value
# is added to CFLAGS and the necessary flags
# are added to LDFLAGS. Note that PIE_UNSAFE
# can be used in Makefiles by port maintainers
# if a port breaks with it.
##
# USE_LOCALE - LANG and LC_ALL are set to the value of this variable in
# CONFIGURE_ENV and MAKE_ENV. Example: USE_LOCALE=en_US.UTF-8
Expand Down Expand Up @@ -1012,7 +1017,7 @@ LC_ALL= C
# These need to be absolute since we don't know how deep in the ports
# tree we are and thus can't go relative. They can, of course, be overridden
# by individual Makefiles or local system make configuration.
_LIST_OF_WITH_FEATURES= debug lto ssp
_LIST_OF_WITH_FEATURES= debug lto ssp pie
_DEFAULT_WITH_FEATURES= ssp
PORTSDIR?= /usr/ports
LOCALBASE?= /usr/local
Expand Down Expand Up @@ -1776,8 +1781,6 @@ CFLAGS:= ${CFLAGS:C/${_CPUCFLAGS}//}
. endif
. endfor

# XXX PIE support to be added here
MAKE_ENV+= NO_PIE=yes
# We will control debug files. Don't let builds that use /usr/share/mk
# split out debug symbols since the plist won't know to expect it.
MAKE_ENV+= MK_DEBUG_FILES=no
Expand Down

0 comments on commit c6e7c89

Please sign in to comment.