aboutsummaryrefslogtreecommitdiffstats
path: root/chapter05/gcc-pass1.xml
diff options
context:
space:
mode:
authorXi Ruoyao <xry111@xry111.site>2022-09-11 11:35:06 +0800
committerXi Ruoyao <xry111@xry111.site>2022-09-11 11:35:06 +0800
commite502de1ab04336007ecfff9e534abdaa9b0344d9 (patch)
tree764a6f4511932ccbef76a2c9c7c45be3fa2431e2 /chapter05/gcc-pass1.xml
parent8d3b2541dab38afe4dfc9cf0adde162070571c56 (diff)
gcc: some reword of PIE/SSP/ASLR note
Expand tabs to 8 spaces like everywhere else in the book. Explain that shared libraries are already covered by ASLR, PIE expands the ASLR to cover the exetutables. In 2022, stack smashing attackings are mostly constructing a sequence of faked returning addresses to exectute a series of function already existing in the programs or libraries itself (ret2lib). Returning into the code injected by the attacker is almost impossible because on i686 (with a PAE/NX enabled kernel) or x86_64, running injected code needs W/X mappings and those are very rare these days.
Diffstat (limited to 'chapter05/gcc-pass1.xml')
-rw-r--r--chapter05/gcc-pass1.xml10
1 files changed, 5 insertions, 5 deletions
diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml
index 23707f658..2aace5d2b 100644
--- a/chapter05/gcc-pass1.xml
+++ b/chapter05/gcc-pass1.xml
@@ -139,11 +139,11 @@ cd build</userinput></screen>
--enable-default-ssp</parameter></term>
<listitem>
<para>Those switches allow GCC to compile programs with
- some hardening security features (more information on those in
- the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
- strictly needed at this stage, since the compiler will only produce
- temporary executables. But it is cleaner to have the temporary
- packages be as close as possible to the final ones.
+ some hardening security features (more information on those in
+ the <xref linkend="pie-ssp-info"/> in chapter 8) by default. The
+ are not strictly needed at this stage, since the compiler will
+ only produce temporary executables. But it is cleaner to have the
+ temporary packages be as close as possible to the final ones.
</para>
</listitem>
</varlistentry>