On 01/27/15 00:16, Theo de Raadt wrote:
On 01/26/15 19:34, Kurt Miller wrote:
We narrowed the definition of what a static pie binary is in the kernel.
This change is a flag day where newer kernels will not recognize older
pie binaries, making upgrading via source hard. If you are running an
older version of -current, upgrade via snapshots prior to building a new
kernel from source to get over this flag day.
-Kurt
Is the below the change that is the flag day? Or, when is the FD?
Modified files:
sys/kern : exec_elf.c
Log message:
Require EFT shared objects have a PT_PHDR entry to be considered
a pie binary. The kernel will now reject executing a typical shared
library with EINVAL. This breaks compatibility with initial static pie
binaries and requires a recent user-land prior to upgrading. In
addition, more fine-grained errors can be returned from execve(2)
when errors occur while attempting to execute ELF objects.
okay guenther@, kettenis@, deraadt@
Look, you'll be fine. There is approximately a 3-4 day window about
4 weeks or a month back, depending on architecture. Use snapshots,
if in doubt.
OK, already did that. The tense of the message is what made me question
this. Thanks.
--STeve Andre'
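
The rule stated in the log message above can be checked from userland before booting a new kernel. The following is an added example, not part of the thread and not OpenBSD's kernel code: it assumes the "shared objects" in the log message are ELF files whose e_type is ET_DYN, tests only for the presence of a PT_PHDR entry, and uses hypothetical function names.

```python
import struct
import sys

ET_DYN = 3   # e_type shared by shared libraries and PIE executables
PT_PHDR = 6  # program header that describes the program header table

def program_header_types(data):
    """Return (e_type, [p_type, ...]) for a 32- or 64-bit ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    try:
        is64 = {1: False, 2: True}[data[4]]   # EI_CLASS
        end = {1: "<", 2: ">"}[data[5]]       # EI_DATA
        e_type, = struct.unpack_from(end + "H", data, 16)
        # e_phoff / e_phentsize / e_phnum sit at different offsets per class.
        off_fmt, off_at, ent_at = ("Q", 32, 54) if is64 else ("I", 28, 42)
        e_phoff, = struct.unpack_from(end + off_fmt, data, off_at)
        phentsize, phnum = struct.unpack_from(end + "HH", data, ent_at)
        types = [struct.unpack_from(end + "I", data, e_phoff + i * phentsize)[0]
                 for i in range(phnum)]
    except (KeyError, IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ELF header") from exc
    return e_type, types

def is_pie_by_phdr_rule(data):
    """True only for an ET_DYN object that carries a PT_PHDR entry."""
    e_type, types = program_header_types(data)
    return e_type == ET_DYN and PT_PHDR in types

def build_sample(e_type, p_types):
    """Constructed sample: 64-bit little-endian ELF header plus bare phdrs."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                       64, 56, len(p_types), 0, 0, 0)
    return ident + ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    samples = {"constructed PIE": build_sample(ET_DYN, [PT_PHDR, 1, 2]),
               "constructed shared library": build_sample(ET_DYN, [1, 2])}
    for path in sys.argv[1:]:          # optionally check real files too
        with open(path, "rb") as fh:
            samples[path] = fh.read()
    for name, image in samples.items():
        try:
            verdict = "pie" if is_pie_by_phdr_rule(image) else "not pie"
        except ValueError as exc:
            verdict = "skipped: %s" % exc
        print("%-28s %s" % (name, verdict))
```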