On 5/25/14, Dag-Erling Smørgrav <des_at_des.no> wrote: > Oliver Pinter <oliver.pntr_at_gmail.com> writes: >> PAX LOG: implement new logging subsystem >> PAX LOG: fix pax_ulog_segvguard >> PAX LOG: added sysctl's and tunables >> PAX ASLR: use PAX LOG >> PAX LOG: fix pax_ulog_##name() >> PAX LOG: fix prison init >> PAX LOG: fixed log and ulog sysctl > > What exactly is the purpose of PAX LOG? Have you considered using > ktrace instead? pax_log will be in future a generic pax related logging framework, with ratelimiting and other features. It will log user, IP, binary name, path, checksum, and others. > >> PAX: blacklist clang and related binaries from PIE support > > Why? Performance, or do they actually break? No. If you definded WITH_CLANG_EXTRAS= in src.conf, the breaked the build. (added dim_at_ to CC) --- usr.bin.all__D --- /usr/obj/usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint/../../../lib/clang/libllvmirreader/libllvmirreader.a: could not read symbols: Bad value c++: error: linker command failed with exit code 1 (use -v to see invocation) *** [bugpoint] Error code 1 bmake[5]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint 1 error bmake[5]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/bugpoint *** [all_subdir_bugpoint] Error code 2 bmake[4]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang --- usr.sbin.all__D --- A failure has been detected in another branch of the parallel make bmake[5]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.sbin/acpi/iasl *** [all] Error code 2 bmake[4]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.sbin/acpi 1 error bmake[4]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.sbin/acpi *** [all_subdir_acpi] Error code 2 bmake[3]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.sbin 1 error bmake[3]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.sbin *** [usr.sbin.all__D] Error code 2 bmake[2]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git --- usr.bin.all__D --- --- all_subdir_tblgen --- A failure has been detected in another branch of the parallel make bmake[5]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang/tblgen *** [all_subdir_tblgen] Error code 2 bmake[4]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang 2 errors bmake[4]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin/clang *** [all_subdir_clang] Error code 2 bmake[3]: stopped in /usr/data/source/git/opBSD/hardenedBSD.git/usr.bin > >> PAX ASLR: Blacklist the applications that don't support being built >> as a position-independent executable > > "don't support" as in you have tested them and confirmed that they break > in some way? Could you post your test methodology so people can > replicate the failures and look into fixing them? > >> PAX ASLR: Use a full kernel config for LATT-ASLR > > What is the difference between LATT-ASLR and OP-ASLR, and why not just > "include GENERIC"? You know about "nooptions", right? In upstreamed patch will be removed this kernel configs. These are Shawn's and my kernel config. > >> Revert "PAX: blacklist clang and related binaries from PIE support" >> Revert "Revert "PAX: blacklist clang and related binaries from PIE >> support"" > > Hmm... See above. > > DES > -- > Dag-Erling Smørgrav - des_at_des.no >Received on Sun May 25 2014 - 15:42:17 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:49 UTC