Add WITH_PIE knob to build Position Independent Executables

Building binaries as PIE allows the executable itself to be loaded at a
random address when ASLR is enabled (not just its shared libraries).

With this change PIE objects have a .pieo extension and INTERNALLIB
libraries libXXX_pie.a.

MK_PIE is disabled for some kerberos5 tools, Clang, and Subversion, as
they explicitly reference .a libraries in their Makefiles.  These can
be addressed on an individual basis later.  MK_PIE is also disabled for
rtld-elf because it is already position-independent using bespoke
Makefile rules.

Currently only dynamically linked binaries will be built as PIE.

Discussed with:	dim
Reviewed by:	kib
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18423
This commit is contained in:
Ed Maste
2019-02-15 22:22:38 +00:00
parent ca62461bc6
commit bcf99d2d99
13 changed files with 87 additions and 24 deletions
+1
View File
@@ -6,6 +6,7 @@ LIBROKEN_A= ${.OBJDIR:H:H}/lib/libroken/libroken.a
LIBADD= vers
LDADD= ${LIBROKEN_A}
DPADD= ${LIBROKEN_A}
MK_PIE:= no
SRCS= \
asn1parse.y \
+1
View File
@@ -6,6 +6,7 @@ LIBADD= vers
LDADD= ${LIBROKEN_A}
DPADD= ${LIBROKEN_A}
MAN=
MK_PIE:= no
SRCS= roken.h \
slc-gram.y \