Revision tags: release/14.0.0 |
|
#
b2c76c41 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line nroff pattern
Remove /^\.\\"\s*\$FreeBSD\$$\n/
|
Revision tags: release/13.2.0, release/12.4.0 |
|
#
2f3a9614 |
| 22-Jun-2022 |
Ed Maste <emaste@FreeBSD.org> |
Add RELRO build knob, default to enabled
Note that lld enables relro by default, so that we already had either partial or full RELRO, depending on the state of the BIND_NOW knob.
Add a RELRO knob s
Add RELRO build knob, default to enabled
Note that lld enables relro by default, so that we already had either partial or full RELRO, depending on the state of the BIND_NOW knob.
Add a RELRO knob so that the option can be disabled if desired, and so that builds using the GNU toolchain are equivalent to those using the standard Clang/LLVM toolchain.
Reviewed by: markj MFC after: 3 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35545
show more ...
|
Revision tags: release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
#
c06e7b66 |
| 07-Nov-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r340126 through r340212.
|
#
bf81eb3c |
| 06-Nov-2018 |
Ed Maste <emaste@FreeBSD.org> |
Add a WITH_BIND_NOW build knob
The linker's -z now flag sets the DF_BIND_NOW flag, which signals to the runtime loader that all relocation processing should be performed at process startup rather th
Add a WITH_BIND_NOW build knob
The linker's -z now flag sets the DF_BIND_NOW flag, which signals to the runtime loader that all relocation processing should be performed at process startup rather than on demand. In combination with lld's default of enabling relro this causes the GOT to be made read-only when the process starts, preventing straightforward GOT overwrite attacks.
Shawn Webb discovered a failure on HardenedBSD with BIND_NOW and ifunc use, which resulted in my rtld fix in r340137. Add a BIND_NOW knob as it is trivial to do so and is a useful ELF hardening feature. This change is equivalent to HardenedBSD's but not identical as there are other diffs/conflicts nearby.
Note that our ELF Tool Chain readelf does not currently decode the DF_BIND_NOW flag - see PR232983.
Reviewed by: brooks MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D17846
show more ...
|