Changeset 530771a


Timestamp:
09/10/2022 10:30:11 PM (20 months ago)
Author:
Thomas Trepl (Moody) <thomas@…>
Branches:
multilib
Children:
c49c1fb
Parents:
3c20ad9 (diff), 8d3b254 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Automatic merge of trunk into multilib

Files:
2 edited

  • chapter05/gcc-pass1.xml

    r3c20ad9 r530771a  
    169169
    170170      <varlistentry>
     171      <term><parameter>--enable-default-pie and
     172      --enable-default-ssp</parameter></term>
     173        <listitem>
     174          <para>Those switches allow GCC to compile programs with
     175          some hardening security features (more information on those in
     176          the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
     177          strictly needed at this stage, since the compiler will only produce
     178          temporary executables. But it is cleaner to have the temporary
     179          packages be as close as possible to the final ones.
     180          </para>
     181        </listitem>
     182      </varlistentry>
     183
     184      <varlistentry>
    171185        <term><parameter>--disable-shared</parameter></term>
    172186        <listitem>
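Review bot: In the new <term> at new lines 171-172, a single <parameter> element wraps both options together with the word "and", so the conjunction is marked up as part of the option text. Suggest two elements, <parameter>--enable-default-pie</parameter> and <parameter>--enable-default-ssp</parameter>, with "and" between them as plain text. The new <term> is also indented two spaces less than the neighbouring <term> for --disable-shared, and "Those switches" would read better as "These switches".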
  • chapter08/gcc.xml

    r3c20ad9 r530771a  
    125125    </variablelist>
    126126
     127    <note id="pie-ssp-info" xreflabel="note on PIE and SSP">
     128      <para>
     129        PIE (position independent executable) is a technique to produce
     130        binary programs that can be loaded anywhere in memory. Together
     131        with a feature named ASLR (Address Space Layout Randomization),
     132        this allows programs to never have the same memory layout,
     133        thus defeating attacks based on reproducible memory patterns.
     134      </para>
     135      <para>
     136        SSP (Stack Smashing Protection) is a technique to ensure
     137        that the parameter stack is not corrupted. Stack corruption can
     138        for example alter the return address of a subroutine,
     139        which would allow transferring control to an attacker program instead
     140        of the original one.
     141      </para>
     142    </note>
     143
    127144    <para>Compile the package:</para>
    128145
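Review bot: The SSP paragraph (new lines 136-140) is worded as prevention, "ensure that the parameter stack is not corrupted", whereas SSP detects that a stack frame has been overwritten, using a guard value checked before the function returns, and aborts the program. Suggest saying that it detects stack corruption and stops the program before a modified return address is used, and replacing "parameter stack" with "stack" and "an attacker program" with "attacker-controlled code". In the PIE paragraph, "allows programs to never have the same memory layout" overstates what ASLR gives; "makes the memory layout differ from one run to the next" is closer.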
     
    157174    url="&test-results;"/> and
    158175    <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para>
     176
     177    <para>In gcc, eleven tests, in the i386 test suite are known to FAIL.
     178    It's because the test files do not account for the
     179    <parameter>--enable-default-pie</parameter> option.</para>
    159180
    160181    <para>In g++, four tests related to PR100400 are known to be reported
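Review bot: The new paragraph at lines 177-179 gives only a count ("eleven tests") and neither names the failing tests nor points to an upstream report, unlike the following g++ paragraph, which cites PR100400, so a reader cannot tell these expected failures from new ones. Suggest listing the test names or a common pattern they share. The comma in "eleven tests, in the i386 test suite" is stray, and "It's because" would read better as "This is because".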