gronod/lfs
1
0
Fork 0
mirror of https://git.linuxfromscratch.org/lfs.git synced 2025-06-19 03:39:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Automatic merge of trunk into multilib

Browse Source
This commit is contained in:
Thomas Trepl (Moody) 2022-09-11 00:30:11 +02:00
commit 530771a7bb
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
chapter05/gcc-pass1.xml
View File

@ -167,6 +167,20 @@ cd build</userinput></screen>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><parameter>--enable-default-pie and
--enable-default-ssp</parameter></term>
<listitem>
<para>Those switches allow GCC to compile programs with
some hardening security features (more information on those in
the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
strictly needed at this stage, since the compiler will only produce
temporary executables. But it is cleaner to have the temporary
packages be as close as possible to the final ones.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><parameter>--disable-shared</parameter></term> <term><parameter>--disable-shared</parameter></term>
<listitem> <listitem>

21
chapter08/gcc.xml
View File

@ -124,6 +124,23 @@ cd build</userinput></screen>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<note id="pie-ssp-info" xreflabel="note on PIE and SSP">
<para>
PIE (position independent executable) is a technique to produce
binary programs that can be loaded anywhere in memory. Together
with a feature named ASLR (Address Space Layout Randomization),
this allows programs to never have the same memory layout,
thus defeating attacks based on reproducible memory patterns.
</para>
<para>
SSP (Stack Smashing Protection) is a technique to ensure
that the parameter stack is not corrupted. Stack corruption can
for example alter the return address of a subroutine,
which would allow transferring control to an attacker program instead
of the original one.
</para>
</note>
<para>Compile the package:</para> <para>Compile the package:</para>
<screen><userinput remap="make">make</userinput></screen> <screen><userinput remap="make">make</userinput></screen>
@ -157,6 +174,10 @@ su tester -c "PATH=$PATH make -k check"</userinput></screen>
url="&test-results;"/> and url="&test-results;"/> and
<ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para> <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para>
<para>In gcc, eleven tests, in the i386 test suite are known to FAIL.
It's because the test files do not account for the
<parameter>--enable-default-pie</parameter> option.</para>
<para>In g++, four tests related to PR100400 are known to be reported <para>In g++, four tests related to PR100400 are known to be reported
as both XPASS and FAIL. It's because the test file for this known issue as both XPASS and FAIL. It's because the test file for this known issue
is not well written.</para> is not well written.</para>