Changeset 6c952e3 for chapter08/gcc.xml

Timestamp:

09/19/2022 06:38:55 AM (2 years ago)

Author:

Xi Ruoyao <xry111@…>

Branches:

xry111/clfs-ng

Children:

1f6dfd4

Parents:

1203312 (diff), 3d65730e (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge remote-tracking branch 'origin/trunk' into xry111/clfs-ng

File:

• chapter08/gcc.xml (modified) (6 diffs)

chapter08/gcc.xml

@@ -74 +74 @@
              LD=ld                    \
              --enable-languages=c,c++ \
+             --enable-default-pie     \
+             --enable-default-ssp     \
              --disable-multilib       \
              --disable-bootstrap      \
@@ -104 +106 @@
     </variablelist>
 
+    <note>
+      <anchor id="pie-ssp-info" xreflabel="note on PIE and SSP"/>
+      <para>
+        PIE (position-independent executable) is a technique to produce
+        binary programs that can be loaded anywhere in memory.  Without PIE,
+        the security feature named ASLR (Address Space Layout Randomization)
+        can be applied for the shared libraries, but not the exectutable
+        itself.  Enabling PIE allows ASLR for the executables in addition to
+        the shared libraries, and mitigates some attacks based on fixed
+        addresses of sensitive code or data in the executables.
+      </para>
+      <para>
+        SSP (Stack Smashing Protection) is a technique to ensure
+        that the parameter stack is not corrupted. Stack corruption can
+        for example alter the return address of a subroutine,
+        which would allow transferring control to some dangerous code
+        (existing in the program or shared libraries, or injected by the
+        attacker somehow) instead of the original one.
+      </para>
+    </note>
+
     <para>Compile the package:</para>
 
@@ -110 +133 @@
     <important>
       <para>In this section, the test suite for GCC is considered
-      important, but it takes a long time. First time builders are 
+      important, but it takes a long time. First time builders are
       encouraged to not skip it.  The time to run the tests can be
       reduced significantly by adding -jx to the make command below
@@ -136 +159 @@
     url="&test-results;"/> and
     <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para>
+
+    <para>In gcc, eleven tests, in the i386 test suite are known to FAIL.
+    It's because the test files do not account for the
+    <parameter>--enable-default-pie</parameter> option.</para>
 
     <para>In g++, four tests related to PR100400 are known to be reported
@@ -200 +227 @@
   <para>Now make sure that we're setup to use the correct start files:</para>
 
-<screen><userinput>grep -o '/usr/lib.*/crt[1in].*succeeded' dummy.log</userinput></screen>
+<screen><userinput>grep -E -o '/usr/lib.*/S?crt[1in].*succeeded' dummy.log</userinput></screen>
 
   <para>The output of the last command should be:</para>
 
-<screen><computeroutput>/usr/lib/gcc/x86_64-pc-linux-gnu/&gcc-version;/../../../../lib/crt1.o succeeded
+<screen><computeroutput>/usr/lib/gcc/x86_64-pc-linux-gnu/&gcc-version;/../../../../lib/Scrt1.o succeeded
 /usr/lib/gcc/x86_64-pc-linux-gnu/&gcc-version;/../../../../lib/crti.o succeeded
 /usr/lib/gcc/x86_64-pc-linux-gnu/&gcc-version;/../../../../lib/crtn.o succeeded</computeroutput></screen>
@@ -562 +589 @@
         <listitem>
           <para>Contains routines supporting GCC's stack-smashing protection
-          functionality</para>
+          functionality.  Normally it's unused because glibc also provides
+          those routines</para>
           <indexterm zone="ch-system-gcc libssp">
             <primary sortas="c-libssp">libssp</primary>