diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml
index 0b7f17913..2c8fc4c31 100644
--- a/chapter05/gcc-pass1.xml
+++ b/chapter05/gcc-pass1.xml
@@ -134,6 +134,20 @@ cd build
+
+ --enable-default-pie and
+ --enable-default-ssp
+
+ Those switches allow GCC to compile programs with
+ some hardening security features (more information on those in
+ the in chapter 8). They are not
+ strictly needed at this stage, since the compiler will only produce
+ temporary executables. But it is cleaner to have the temporary
+ packages be as close as possible to the final ones.
+
+
+
+
--disable-shared
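Review bot: In the added explanation for --enable-default-pie and --enable-default-ssp, "Those switches allow GCC to compile programs with some hardening security features" undersells what the options do: as their names say, they make the hardening the default for everything the compiler builds, rather than merely making it available. Suggest wording such as "Those switches make GCC compile programs with some hardening security features by default". The same sentence reads "more information on those in the in chapter 8", which is missing a noun after "the"; please check that the cross-reference to the chapter 8 note resolves and renders a title there.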
diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml
index fd6e5ae3c..171808df2 100644
--- a/chapter08/gcc.xml
+++ b/chapter08/gcc.xml
@@ -106,6 +106,23 @@ cd build
+
+
+ PIE (position independent executable) is a technique to produce
+ binary programs that can be loaded anywhere in memory. Together
+ with a feature named ASLR (Address Space Layout Randomization),
+ this allows programs to never have the same memory layout,
+ thus defeating attacks based on reproducible memory patterns.
+
+
+ SSP (Stack Smashing Protection) is a technique to ensure
+ that the parameter stack is not corrupted. Stack corruption can
+ for example alter the return address of a subroutine,
+ which would allow transferring control to an attacker program instead
+ of the original one.
+
+
+
Compile the package:
make
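Review bot: The SSP paragraph says the technique is there "to ensure that the parameter stack is not corrupted", but SSP does not prevent corruption; it detects an overwrite of the protected stack frame when the function returns and aborts the program. Suggest rewording to say that it detects stack corruption and stops the program before the altered return address is used, and dropping "parameter" since the concern described is the return address. The PIE paragraph has a similar overstatement: "allows programs to never have the same memory layout, thus defeating attacks" would be more accurate as "gives programs an unpredictable memory layout, making attacks based on reproducible memory patterns harder". It would also help to state here that both features are now on by default because of the two configure switches, since the note does not connect them to the options it documents.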
@@ -139,6 +156,10 @@ su tester -c "PATH=$PATH make -k check"
url="&test-results;"/> and
.
+ In gcc, eleven tests, in the i386 test suite are known to FAIL.
+ It's because the test files do not account for the
+ --enable-default-pie option.
+
In g++, four tests related to PR100400 are known to be reported
as both XPASS and FAIL. It's because the test file for this known issue
is not well written.
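Review bot: The added sentence "In gcc, eleven tests, in the i386 test suite are known to FAIL" gives only a count, so a reader cannot tell whether the eleven failures they see are the expected ones or a real problem caused by the new hardening defaults. Suggest naming the affected test files, or at least a common pattern in their names, the way the following paragraph identifies its tests by PR100400. The comma after "eleven tests" should also go, and "It's because" would read better as "This is because".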