Position-Independent Executable Support Added to FreeBSD

Ever since my presentation at BSDCan, I've been working with a talented individual named Bryan Drewery to help get the ASLR work merged into FreeBSD. We've now merged in one major part of the ASLR work: Position-Independent Executable (PIE) support. Adding this feature makes it so that normal executables can be relocated in memory and still run. Normally, without PIE, an executable tells the operating system at what address it expects to be loaded. If the executable isn't loaded at that address, things can (and likely will) go wrong. However, when compiled as a PIE, the executable tells the operating system that it can be loaded anywhere, and it'll make do. Essentially, it turns your executable from a normal executable (ELF type ET_EXEC) to a shared object (ELF type ET_DYN).

FreeBSD has supported loading PIEs for a while now, but the applications in base weren't compiled as PIEs. Given that ASLR is useless without PIE, getting base compiled with PIE support is a mandatory first step in proper ASLR support. I had to make some exceptions (certain applications don't support being compiled as a PIE mainly due to statically linking in libraries), but most applications in base can now be compiled as a PIE. If you're tracking 11-CURRENT, then all you have to do is add WITH_PIE=1 to your /etc/{make,src}.conf. I've tested these binaries on i386, amd64, sparc64, and ARM.

My next goal is to make our ASLR patches fit with FreeBSD's kernel coding style guidelines. We'll likely do one more Call For Testing (CFT) and get sign-offs from a number of FreeBSD developers. We still have a ways to go, but we're getting closer each day. I'd like to thank Bryan Drewery for sponsoring this work on FreeBSD's side. He's really fun to work with and is taking the blunt edge of the sword for some of this work. It's truly an honor to work with him.

Also, you can find my video from BSDCan here. I'll be going to EuroBSDCon, which is held in Sofia, Bulgaria, in September to give an updated version of the presentation and represent SoldierX.