Changeset 530771a
- Timestamp:
- 09/10/2022 10:30:11 PM (2 years ago)
- Branches:
- multilib, xry111/multilib
- Children:
- c49c1fb
- Parents:
- 3c20ad9 (diff), 8d3b254 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself. Use the (diff) links above to see all the changes relative to each parent.
- Files:
- 2 edited
chapter05/gcc-pass1.xml
r3c20ad9 r530771a 169 169 170 170 <varlistentry> 171 <term><parameter>--enable-default-pie and 172 --enable-default-ssp</parameter></term> 173 <listitem> 174 <para>Those switches allow GCC to compile programs with 175 some hardening security features (more information on those in 176 the <xref linkend="pie-ssp-info"/> in chapter 8). They are not 177 strictly needed at this stage, since the compiler will only produce 178 temporary executables. But it is cleaner to have the temporary 179 packages be as close as possible to the final ones. 180 </para> 181 </listitem> 182 </varlistentry> 183 184 <varlistentry> 171 185 <term><parameter>--disable-shared</parameter></term> 172 186 <listitem> -
chapter08/gcc.xml
r3c20ad9 r530771a 125 125 </variablelist> 126 126 127 <note id="pie-ssp-info" xreflabel="note on PIE and SSP"> 128 <para> 129 PIE (position independent executable) is a technique to produce 130 binary programs that can be loaded anywhere in memory. Together 131 with a feature named ASLR (Address Space Layout Randomization), 132 this allows programs to never have the same memory layout, 133 thus defeating attacks based on reproducible memory patterns. 134 </para> 135 <para> 136 SSP (Stack Smashing Protection) is a technique to ensure 137 that the parameter stack is not corrupted. Stack corruption can 138 for example alter the return address of a subroutine, 139 which would allow transferring control to an attacker program instead 140 of the original one. 141 </para> 142 </note> 143 127 144 <para>Compile the package:</para> 128 145 … … 157 174 url="&test-results;"/> and 158 175 <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para> 176 177 <para>In gcc, eleven tests, in the i386 test suite are known to FAIL. 178 It's because the test files do not account for the 179 <parameter>--enable-default-pie</parameter> option.</para> 159 180 160 181 <para>In g++, four tests related to PR100400 are known to be reported
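Review bot: In chapter05/gcc-pass1.xml, the new <term> wraps both options and the word "and" in a single element (<parameter>--enable-default-pie and --enable-default-ssp</parameter>), so the rendered entry reads as one switch. Give each option its own <parameter> element with "and" between them; the second chapter08/gcc.xml hunk already tags --enable-default-pie on its own that way. In the paragraph below it, "Those switches" would read better as "These switches".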
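Review bot: In the first chapter08/gcc.xml hunk (the new pie-ssp-info note), the SSP paragraph says the technique ensures "that the parameter stack is not corrupted", which overstates what it does. SSP detects that a guard value on the stack was overwritten and aborts the program before the function returns; it does not stop the overwrite itself. Suggest wording along the lines of "a technique to detect stack corruption and abort the program", and plain "stack" instead of "parameter stack", since the next sentence is about the return address. The PIE paragraph has the same problem in "allows programs to never have the same memory layout, thus defeating attacks": saying the layout differs between runs, which makes such attacks harder, would be more accurate.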
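Review bot: In the second chapter08/gcc.xml hunk, the new paragraph says eleven tests in the i386 test suite FAIL but does not identify them, whereas the g++ paragraph right after it points to PR100400. Without test names or a pattern a reader cannot tell these expected failures from new ones, and the hard-coded count will go stale as GCC changes. Suggest naming the affected tests or directory. The sentence also has a stray comma ("eleven tests, in the i386 test suite are known"), and "It's because" would read better as "This is because".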