From: "Francisco Blas Izquierdo Riera" <klondike@xiscosoft.es>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/
Date: Wed, 4 May 2011 22:03:38 +0000 (UTC) [thread overview]
Message-ID: <c905159e3812ba690d55bcf6fedd5e26b3eb18d6.klondike@gentoo> (raw)
commit: c905159e3812ba690d55bcf6fedd5e26b3eb18d6
Author: klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Wed May 4 21:44:13 2011 +0000
Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Wed May 4 21:44:13 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=c905159e
Fixing some QA issues
---
xml/etdyn.xml | 44 +++++++++++++++++++++++++-------------------
1 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/xml/etdyn.xml b/xml/etdyn.xml
index 2b81d4d..6744440 100644
--- a/xml/etdyn.xml
+++ b/xml/etdyn.xml
@@ -1,7 +1,7 @@
<?xml version='1.0' encoding="utf-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
<guide link="/proj/en/hardened/etdyn.xml">
-
+<title>ETDYN guide</title>
<author title="Author">
<mail link="pageexec@freemail.hu">The PaX Team</mail>
</author>
@@ -27,6 +27,7 @@ These guidelines are required to achieve full Address Space Layout Randomization
<chapter>
<title>Introduction</title>
+ <section>
<body>
<p>One of the features of PaX is Address Space Layout Randomization (ASLR)
that allows the kernel to randomize the addresses of various areas in
@@ -67,10 +68,12 @@ These guidelines are required to achieve full Address Space Layout Randomization
themselves in the future.</p>
</body>
+ </section>
</chapter>
<chapter>
<title>How to produce ET_DYN ELF executables</title>
+ <section>
<body>
<p>The following discussion assumes that the GNU toolchain (such as gcc and
@@ -114,8 +117,8 @@ These guidelines are required to achieve full Address Space Layout Randomization
care about gcrt1.o). It is no coincidence that crt1.o is not linked into
shared libraries as this object contains (among others) the low-level entry
point and startup code that invokes the C library startup code which in
- turn calls main().
- <warn>Initiating the building of ET_DYN executables on Gentoo does not require us to put -shared in our CFLAGS or LDFLAGS</warn></p>
+ turn calls main(). </p>
+ <warn>Initiating the building of ET_DYN executables on Gentoo does not require us to put -shared in our CFLAGS or LDFLAGS</warn>
<p>Making crt1.o position independent is easy, we just have to make use of the
GOT (in keeping with the tradition of the glibc naming convention for the
@@ -148,20 +151,22 @@ These guidelines are required to achieve full Address Space Layout Randomization
code) they can be compiled once and put into the same directory where
the other systemwide crt* files are.</p>
</body>
+ </section>
</chapter>
<chapter>
<title>ET_DYN ELF executables (The Gentoo Way)</title>
+ <section>
<body>
- <p>On Gentoo this is accomplished by merging <i>hardened-gcc</i>: </p>
+ <p>On Gentoo this is accomplished by merging <c>hardened-gcc</c>: </p>
<pre caption = "Emerging hardened-gcc">
-<c># emerge hardened-gcc</c>
+# <i>emerge hardened-gcc</i>
</pre>
- <p><i>hardened-gcc</i> is an umbrella package for non-mainstream gcc modifications
- The <i>hardened-gcc</i> packages was initially created by Alexander Gabert
+ <p><c>hardened-gcc</c> is an umbrella package for non-mainstream gcc modifications
+ The <c>hardened-gcc</c> packages was initially created by Alexander Gabert
for this special purpose we are serving here: rolling out the etdyn
specs file and interp.o together with the position independent
crt1S.o. But this package is not limited to that purpose.
@@ -184,21 +189,17 @@ These guidelines are required to achieve full Address Space Layout Randomization
one is chpax built as an ET_EXEC.</p>
<pre caption = "Example files">
-<c># file /sbin/chpax</c>
+# <i>file /sbin/chpax</i>
/sbin/chpax: ELF 32-bit LSB shared object, Intel 80386, version 1 \
(GNU/Linux), stripped
/sbin/chpax: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for \
GNU/Linux 2.0.0, dynamically linked (uses shared libs), stripped
</pre>
- </body>
-</chapter>
-
+<!--To keep the bugs down for us we really dont want the
+end user mucking with the specs -solar -->
-<comment>To keep the bugs down for us we really dont want the
-end user mucking with the specs -solar </comment>
-<comment>
- <p>We can further simplify the building of ET_DYN executables by modifying
+<!-- We can further simplify the building of ET_DYN executables by modifying
a few sections of the default gcc specs file as demonstrated in the
specs.2.95.3 and specs.3.2.3 files (for the respective gcc versions).
To use the new specs file we can either replace the default one or pass
@@ -206,12 +207,17 @@ end user mucking with the specs -solar </comment>
could further trim down the new specs file and keep only the sections
that we changed: *cpp, *cc1, *endfile, *link and *startfile). From now
on invoking gcc as 'gcc -et_dyn' will produce an ET_DYN executable (the
- same goes for g++).</p>
+ same goes for g++).
- <p>Readers interested in rebuilding entire distributions are encouraged to
+ Readers interested in rebuilding entire distributions are encouraged to
take a look at the Adamantix (http://www.adamantix.org) and Hardened
- Gentoo projects (http://www.gentoo.org/proj/en/hardened/).</p>
-</comment>
+ Gentoo projects (http://www.gentoo.org/proj/en/hardened/).
+-->
+ </body>
+ </section>
+</chapter>
+
+
<chapter>
<title>Credits</title>
<section>
next reply other threads:[~2011-05-04 22:03 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-04 22:03 Francisco Blas Izquierdo Riera [this message]
-- strict thread matches above, loose matches on Subject: below --
2013-01-12 13:18 [gentoo-commits] proj/hardened-docs:master commit in: xml/ Magnus Granberg
2012-08-20 17:17 Sven Vermeulen
2012-07-10 19:45 Michael Palimaka
2012-05-26 19:25 Sven Vermeulen
2012-05-26 18:07 Sven Vermeulen
2012-05-21 19:08 Sven Vermeulen
2012-05-04 20:19 Sven Vermeulen
2012-04-28 19:23 Francisco Blas Izquierdo Riera
2012-04-05 20:45 Sven Vermeulen
2012-04-05 18:51 Sven Vermeulen
2012-04-02 15:50 Francisco Blas Izquierdo Riera
2012-03-28 19:00 Sven Vermeulen
2011-12-27 12:51 Sven Vermeulen
2011-12-26 12:17 Sven Vermeulen
2011-12-10 17:32 Sven Vermeulen
2011-12-10 15:44 Sven Vermeulen
2011-12-10 14:47 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-22 20:08 Sven Vermeulen
2011-11-17 21:36 Sven Vermeulen
2011-11-17 20:51 Sven Vermeulen
2011-11-17 20:32 Sven Vermeulen
2011-11-17 20:30 Sven Vermeulen
2011-11-12 21:27 Sven Vermeulen
2011-10-28 17:36 José María Alonso
2011-10-25 18:35 Sven Vermeulen
2011-10-13 14:49 Sven Vermeulen
2011-10-08 16:54 Sven Vermeulen
2011-09-04 19:54 Sven Vermeulen
2011-09-04 19:54 Sven Vermeulen
2011-09-04 19:13 Sven Vermeulen
2011-09-03 12:10 Sven Vermeulen
2011-08-24 21:09 Sven Vermeulen
2011-08-22 19:20 Sven Vermeulen
2011-08-12 21:00 Sven Vermeulen
2011-08-10 18:38 Sven Vermeulen
2011-07-21 19:47 Sven Vermeulen
2011-07-16 20:33 Sven Vermeulen
2011-07-15 16:08 Sven Vermeulen
2011-07-13 22:04 Sven Vermeulen
2011-07-13 21:39 Sven Vermeulen
2011-07-11 15:03 José María Alonso
2011-07-10 20:09 Sven Vermeulen
2011-06-13 14:14 Sven Vermeulen
2011-06-13 14:14 Sven Vermeulen
2011-06-11 13:16 Francisco Blas Izquierdo Riera
2011-06-10 18:07 Francisco Blas Izquierdo Riera
2011-06-10 18:03 Francisco Blas Izquierdo Riera
2011-06-10 14:56 José María Alonso
2011-06-09 17:36 Francisco Blas Izquierdo Riera
2011-06-01 21:26 Sven Vermeulen
2011-06-01 19:57 Sven Vermeulen
2011-05-24 20:37 Sven Vermeulen
2011-05-22 21:35 Sven Vermeulen
2011-05-22 21:35 Sven Vermeulen
2011-05-14 12:51 Sven Vermeulen
2011-05-14 12:51 Sven Vermeulen
2011-05-10 2:34 Francisco Blas Izquierdo Riera
2011-05-09 21:45 Francisco Blas Izquierdo Riera
2011-05-04 22:03 Francisco Blas Izquierdo Riera
2011-05-03 21:06 Sven Vermeulen
2011-05-03 20:23 Sven Vermeulen
2011-05-01 20:21 Sven Vermeulen
2011-04-30 19:43 Sven Vermeulen
2011-04-30 8:59 Sven Vermeulen
2011-04-23 11:32 Sven Vermeulen
2011-04-23 8:18 Sven Vermeulen
2011-04-22 22:35 Sven Vermeulen
2011-04-22 19:17 Sven Vermeulen
2011-04-22 11:14 Sven Vermeulen
2011-04-22 10:49 Sven Vermeulen
2011-04-05 18:46 Matthew Thode
2011-04-05 18:38 Matthew Thode
2011-03-27 1:09 Francisco Blas Izquierdo Riera
2011-03-27 1:00 Francisco Blas Izquierdo Riera
2011-03-27 0:55 Francisco Blas Izquierdo Riera
2011-03-26 23:49 Francisco Blas Izquierdo Riera
2011-03-09 18:14 Sven Vermeulen
2011-02-26 9:33 Sven Vermeulen
2011-02-24 21:25 Sven Vermeulen
2011-02-24 21:24 Sven Vermeulen
2011-02-21 21:54 Sven Vermeulen
2011-02-19 3:29 Francisco Blas Izquierdo Riera
2011-02-19 3:23 Francisco Blas Izquierdo Riera
2011-02-19 0:14 Francisco Blas Izquierdo Riera
2011-02-18 23:17 Francisco Blas Izquierdo Riera
2011-02-18 16:11 Francisco Blas Izquierdo Riera
2011-02-18 7:07 Francisco Blas Izquierdo Riera
2011-02-15 4:40 Francisco Blas Izquierdo Riera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c905159e3812ba690d55bcf6fedd5e26b3eb18d6.klondike@gentoo \
--to=klondike@xiscosoft.es \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox