-rw-r--r-- chapter05/gcc-pass1.xml 10
-rw-r--r-- chapter08/gcc.xml 17
2 files changed, 15 insertions, 12 deletions
diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml
index 23707f658..2aace5d2b 100644
--- a/chapter05/gcc-pass1.xml
+++ b/chapter05/gcc-pass1.xml
@@ -139,11 +139,11 @@ cd build</userinput></screen>
--enable-default-ssp</parameter></term>
<listitem>
<para>Those switches allow GCC to compile programs with
- some hardening security features (more information on those in
- the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
- strictly needed at this stage, since the compiler will only produce
- temporary executables. But it is cleaner to have the temporary
- packages be as close as possible to the final ones.
+ some hardening security features (more information on those in
+ the <xref linkend="pie-ssp-info"/> in chapter 8) by default. The
+ are not strictly needed at this stage, since the compiler will
+ only produce temporary executables. But it is cleaner to have the
+ temporary packages be as close as possible to the final ones.
</para>
</listitem>
</varlistentry>
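Review bot: typo in the added text, where "by default. The" wraps onto "are not strictly needed at this stage": the pronoun lost its "y" in the rewrap and should read "They are not strictly needed". The removed lines had "They", so this is a regression from this change rather than a pre-existing error. With "by default" now closing the previous sentence, it is also worth checking that "They" still clearly refers to the switches and not to the hardening features.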
diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml
index 171808df2..fe8e767d1 100644
--- a/chapter08/gcc.xml
+++ b/chapter08/gcc.xml
@@ -108,18 +108,21 @@ cd build</userinput></screen>
<note id="pie-ssp-info" xreflabel="note on PIE and SSP">
<para>
- PIE (position independent executable) is a technique to produce
- binary programs that can be loaded anywhere in memory. Together
- with a feature named ASLR (Address Space Layout Randomization),
- this allows programs to never have the same memory layout,
- thus defeating attacks based on reproducible memory patterns.
+ PIE (position-independent executable) is a technique to produce
+ binary programs that can be loaded anywhere in memory. Without PIE,
+ the security feature named ASLR (Address Space Layout Randomization)
+ can be applied for the shared libraries, but not the exectutable
+ itself. Enabling PIE allows ASLR for the executables in addition to
+ the shared libraries, and mitigates some attacks based on fixed
+ addresses of sensitive code or data in the executables.
</para>
<para>
SSP (Stack Smashing Protection) is a technique to ensure
that the parameter stack is not corrupted. Stack corruption can
for example alter the return address of a subroutine,
- which would allow transferring control to an attacker program instead
- of the original one.
+ which would allow transferring control to some dangerous code
+ (existing in the program or shared libraries, or injected by the
+ attacker somehow) instead of the original one.
</para>
</note>
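Review bot: "exectutable" in the added PIE paragraph ("but not the exectutable itself") is misspelled and should be "executable". In the same sentence, "can be applied for the shared libraries" would read better as "can be applied to the shared libraries". In the SSP paragraph, the new wording "transferring control to some dangerous code (...) instead of the original one" leaves "the original one" without a clear antecedent now that "attacker program" is gone; something like "instead of the intended return location" would keep the sentence precise.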