Expand tabs to 8 spaces like everywhere else in the book.
Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.
In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Committing only the commands for now, so that others can test the
build. TODO:
- add command explanations
- add changelog
- comment on failing tests in binutils and gcc
Bugtraq is dead since 2021, use oss-sec instead.
For CERT, cert.org redirects to CMU and us-cert.gov redirects to US
CISA (https://www.cisa.gov/uscert/). I'm not familiar with those so
left those for a US citizen to add :).
Forgot to remove this one when I removed it in pass 1...
Reference: https://gcc.gnu.org/r12-1328
(cherry picked from commit 7500d50282b8f0eb1f69e1007362451122cbc557)
Pick it up early in ARM64 branch to remove one reference to x86.
The path to dynamic linker is /lib/ld-linux-aarch64.so.1, no hardcoded
/lib64. It's much better than x86_64 or MIPS64 IMO.
[As a LoongArch contributor & reviewer: we really should have removed
this stupid "64" in the early development stage of LoongArch ELF ABI.]
It seems glibc creates dummy.c for its own use. This leaves some
dummy.xxx files in the directory, that may lead some users to think that
the directory is not properly cleaned up after the test (I did :)
So use a pipe so that only a.out is created
Text change only.
Since 11.0, /lib is a symlink to usr/lib. With libc_cv_slibdir=/usr/lib,
/lib won't be searched by default anymore (if someone mess up the system
by removing /lib symlink and create an real directory there, for example
the initramfs before r10.1-439).
It's recommended for CVE-2022-21233 mitigation. And, if the BIOS has
enabled x2APIC but CONFIG_X86_X2APIC=n, the kernel will panic on boot.
If x2APIC is disabled or not available, the kernel with
CONFIG_X86_X2APIC=y can still boot normally.
No need to tag anything again because interrupt handling cannot affect
userspace.
Text change only.
Add tst-arc4random-thread failure recently reported to upstream, remove
namespace related failures as they are UNSUPPORTED now in 2.36.
