From 1bade3f439265d1c964701316922ab5cbfed93c8 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sat, 10 Sep 2022 13:41:38 +0200 Subject: [PATCH 1/2] Document the --enable-default-pie/ssp options Also document test failures in gcc chapter 8 --- chapter05/gcc-pass1.xml | 14 ++++++++++++++ chapter08/gcc.xml | 21 +++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml index 0b7f17913..2c8fc4c31 100644 --- a/chapter05/gcc-pass1.xml +++ b/chapter05/gcc-pass1.xml @@ -134,6 +134,20 @@ cd build + + --enable-default-pie and + --enable-default-ssp + + Those switches allow GCC to compile programs with + some hardening security features (more information on those in + the in chapter 8). They are not + strictly needed at this stage, since the compiler will only produce + temporary executables. But it is cleaner to have the temporary + packages be as close as possible to the final ones. + + + + --disable-shared diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml index fd6e5ae3c..171808df2 100644 --- a/chapter08/gcc.xml +++ b/chapter08/gcc.xml @@ -106,6 +106,23 @@ cd build + + + PIE (position independent executable) is a technique to produce + binary programs that can be loaded anywhere in memory. Together + with a feature named ASLR (Address Space Layout Randomization), + this allows programs to never have the same memory layout, + thus defeating attacks based on reproducible memory patterns. + + + SSP (Stack Smashing Protection) is a technique to ensure + that the parameter stack is not corrupted. Stack corruption can + for example alter the return address of a subroutine, + which would allow transferring control to an attacker program instead + of the original one. + + + Compile the package: make 
@@ -139,6 +156,10 @@ su tester -c "PATH=$PATH make -k check" url="&test-results;"/> and . + In gcc, eleven tests, in the i386 test suite are known to FAIL. + It's because the test files do not account for the + --enable-default-pie option. + In g++, four tests related to PR100400 are known to be reported as both XPASS and FAIL. It's because the test file for this known issue is not well written. From 8d3b2541dab38afe4dfc9cf0adde162070571c56 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sat, 10 Sep 2022 14:01:42 +0200 Subject: [PATCH 2/2] gcc-pass1: fix bold "and" in command explanation --- chapter05/gcc-pass1.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml index 2c8fc4c31..23707f658 100644 --- a/chapter05/gcc-pass1.xml +++ b/chapter05/gcc-pass1.xml @@ -135,8 +135,8 @@ cd build - --enable-default-pie and - --enable-default-ssp + --enable-default-pie and + --enable-default-ssp Those switches allow GCC to compile programs with some hardening security features (more information on those in
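Review bot: In the chapter05/gcc-pass1.xml hunk of [PATCH 1/2] (@@ -134,6 +134,20), "Those switches allow GCC to compile programs with some hardening security features" undersells what the option names say: they make PIE and SSP the default rather than merely permitting them. Suggest wording such as "Those switches make GCC compile programs with PIE and SSP enabled by default". The cross-reference sentence also reads "in the in chapter 8" in the text shown here, so confirm that the link target between "the" and "in" resolves and renders.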
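Review bot: In the first chapter08/gcc.xml hunk of [PATCH 1/2] (@@ -106,6 +106,23), both descriptions promise more than the techniques deliver. "this allows programs to never have the same memory layout, thus defeating attacks" should say that PIE with ASLR makes the layout differ unpredictably from one run to the next, which makes attacks relying on known addresses harder. "a technique to ensure that the parameter stack is not corrupted" should say that SSP detects a corrupted stack frame before the function returns and aborts the program; it does not prevent the corruption itself, and "parameter stack" would read better as plain "stack".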
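Review bot: In the second chapter08/gcc.xml hunk of [PATCH 1/2] (@@ -139,6 +156,10), "eleven tests, in the i386 test suite are known to FAIL" gives a hard-coded count but no test names, so a reader cannot tell whether the failures they see are the expected ones, and the number will go stale with the next GCC update. Suggest naming the tests or the test directory or name pattern they share. The comma after "eleven tests" is stray, and "It's because" would read better as "This is because", here and in the g++ sentence that follows as context.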
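Review bot: The only hunk of [PATCH 2/2] (chapter05/gcc-pass1.xml, @@ -135,8 +135,8) rewrites the two "--enable-default-pie and" / "--enable-default-ssp" lines that [PATCH 1/2] adds to the same file, so the series introduces the markup problem and then fixes it. Suggest folding this change into 1/2 so that each commit leaves the book rendering correctly, and so the fix is not lost if only 1/2 is cherry-picked.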