diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-08-29 17:00:31 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-08-29 17:00:31 +0000 |
| commit | 8568212eb4373d0dd74b5fa502aad4add539023f (patch) | |
| tree | d00b0f3f83982f3eb12558ebd8375dbe6679d9bd /sbin/resolvd | |
| parent | f2fdbdd7af357185a67b8758bf9361a0620796f7 (diff) | |
Dynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd,
resolvd, slaacd, unwind.
The mitigation story is way better: syscalls are in a randomly located
libc, and every syscall stub is randomly located inside that due to
random relinking. As opposed to fixed offset inside a release binary.
There is one known consequence: /usr nfs mounting must use statically
configured IP addresses.
ok kettenis florian, others
Diffstat (limited to 'sbin/resolvd')
| -rw-r--r-- | sbin/resolvd/Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/resolvd/Makefile b/sbin/resolvd/Makefile index 96281056e63..5ec376f123a 100644 --- a/sbin/resolvd/Makefile +++ b/sbin/resolvd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2021/02/24 18:10:41 florian Exp $ +# $OpenBSD: Makefile,v 1.2 2022/08/29 17:00:30 deraadt Exp $ PROG= resolvd SRCS= resolvd.c @@ -14,3 +14,6 @@ CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual CFLAGS+= -Wsign-compare .include <bsd.prog.mk> + +# Don't compile resolvd as static binary by default +LDSTATIC= |