Timestamp:
09/11/2022 03:35:06 AM (20 months ago)
Author:
Xi Ruoyao <xry111@…>
Branches:
11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc
Children:
a710d35
Parents:
8d3b254
Message:

gcc: some reword of PIE/SSP/ASLR note

Expand tabs to 8 spaces like everywhere else in the book.

Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the executables.

In 2022, stack smashing attacks are mostly constructing a sequence of
faked returning addresses to execute a series of functions already
existing in the programs or libraries themselves (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.

File:
1 edited

  • chapter05/gcc-pass1.xml

    r8d3b254 re502de1  
    140140        <listitem>
    141141          <para>Those switches allow GCC to compile programs with
    142           some hardening security features (more information on those in
    143           the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
    144           strictly needed at this stage, since the compiler will only produce
    145           temporary executables. But it is cleaner to have the temporary
    146           packages be as close as possible to the final ones.
     142           some hardening security features (more information on those in
     143           the <xref linkend="pie-ssp-info"/> in chapter 8) by default. The
     144           are not strictly needed at this stage, since the compiler will
     145           only produce temporary executables. But it is cleaner to have the
     146           temporary packages be as close as possible to the final ones.
    147147          </para>
    148148        </listitem>
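Review bot: typo in the added text at new lines 143-144: "The are not strictly needed" should read "They are not strictly needed", as the removed line 143 had it. Separately, "by default" now lands after the long parenthetical containing the xref, far from the phrase it modifies; consider placing it before the parenthesis ("... some hardening security features by default (more information on those in ...)") so the sentence parses on first read.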