Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
[MERGED INTO 16.7.7] Base PIE
« previous
next »
Print
Pages: [
1
]
Author
Topic: [MERGED INTO 16.7.7] Base PIE (Read 12143 times)
franco
Administrator
Hero Member
Posts: 17653
Karma: 1610
[MERGED INTO 16.7.7] Base PIE
«
on:
September 22, 2016, 06:05:21 pm »
Hi all,
We have a new CFT ready for you now. We are looking for feedback for these three issues below:
(a) Shawn has added Position Independent Executable flags to the FreeBSD 10.3 base utilities, which means this patch will make good use of ASLR by randomising all the things (pardon the lack of expertise). The main thread for this change is below, having to do with a possible performance impact on i386 installations:
https://forum.opnsense.org/index.php?topic=3101.msg9695#msg9695
(b) We have a working patch for people having trouble with Mutli-WAN setups which ignore the Captive Portal.
(c) We also have a working patch for people having trouble with the transparent proxy which ignores the Captive Portal, too. It is closely related to (b), but a different code path.
The kernel patch for (b) and (c) can be found here:
https://github.com/opnsense/src/commit/83fd8a61b9
A new kernel patch is currently tested, approaching the problem from a different perspective. It should be available next week. Testing Base PIE is still possible and highly appreciated.
To upgrade your installation just run the following:
# opnsense-update -br 16.7.2-pie-route && /usr/local/etc/rc.reboot
and let us know what fix you were looking for and if that solved your issue and/or if new issues appeared.
The patches have gone through a few days of testing and tinkering and are likely targets for an upcoming 16.7.x update pending your approval.
Thanks,
Franco
«
Last Edit: October 29, 2016, 04:26:49 pm by franco
»
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: [CALL FOR TESTING] Base PIE
«
Reply #1 on:
September 30, 2016, 03:03:15 pm »
I updated this morning without a single issue. Here's a screenshot of it working flawlessly for me:
https://goo.gl/photos/MjUvMjc2t7D4bZZb7
Logged
franco
Administrator
Hero Member
Posts: 17653
Karma: 1610
Re: [CALL FOR TESTING] Base PIE
«
Reply #2 on:
October 01, 2016, 01:58:22 pm »
I also saw no problems so we're likely going ahead with this in the next base/kernel update.
Help testing/verifying still welcome!
Cheers,
Franco
Logged
franco
Administrator
Hero Member
Posts: 17653
Karma: 1610
Re: [CALL FOR TESTING] Base PIE
«
Reply #3 on:
October 06, 2016, 09:03:28 am »
I'm closing this CFT.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
[MERGED INTO 16.7.7] Base PIE