Author: robert
Date: 2010-11-29 22:11:51 -0700 (Mon, 29 Nov 2010)
New Revision: 1600
Modified:
trunk/BOOK/chapter01/changelog.xml
trunk/BOOK/chapter06/glibc.xml
trunk/BOOK/general.ent
Log:
Modified the chapter 6 Glibc page to build with hardened GCC options.
Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml 2010-11-28 02:51:39 UTC (rev 1599)
+++ trunk/BOOK/chapter01/changelog.xml 2010-11-30 05:11:51 UTC (rev 1600)
@@ -38,6 +38,17 @@
-->
<listitem>
+ <para>2010-11-30</para>
+ <itemizedlist>
+ <listitem>
+ <para>[robert] - Modified the chapter 6 Glibc page to build with
+ hardened GCC options.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>2010-11-27</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/chapter06/glibc.xml
===================================================================
--- trunk/BOOK/chapter06/glibc.xml 2010-11-28 02:51:39 UTC (rev 1599)
+++ trunk/BOOK/chapter06/glibc.xml 2010-11-30 05:11:51 UTC (rev 1600)
@@ -120,6 +120,15 @@
i?86) echo "CFLAGS += -march=i486 -mtune=native -O3 -pipe" > configparms
;;
esac</userinput></screen>
+ <para>Configure the <filename>configparms</filename> file to build the
Glibc
+ libraries with hardening disabled:</para>
+
+<screen><userinput remap="configure">cat >> configparms << "EOF"
+build-programs=no
+CC += -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie
+CXX += -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie
+EOF</userinput></screen>
+
<para>Prepare Glibc for compilation:</para>
<screen><userinput remap="configure">../glibc-&glibc-version;/configure
--prefix=/usr \
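Review bot: The new paragraph ("build the Glibc libraries with hardening disabled") gives no reason for turning hardening off, while the commit log says the page now builds "with hardened GCC options", so a reader cannot tell whether an unhardened libc is the intended result. The heredoc puts `-fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie` on both `CC` and `CXX` for the library pass, so the libraries from that pass are compiled without stack-protector or fortify checks. I would extend the para with one sentence giving the reason and the scope, e.g. `Only the programs built in the next step are hardened; the libraries are built without SSP and _FORTIFY_SOURCE because <reason>.`, with the reason supplied by the author. The `case` block this follows starts above the hunk, so whether `configparms` already exists on non-i?86 hosts before the `cat >>` cannot be checked from here.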
@@ -141,15 +150,53 @@
</variablelist>
- <para>Compile the package:</para>
+ <para>Compile the libraries:</para>
<screen><userinput remap="make">make</userinput></screen>
+ <para>Prepare the <filename>configparms</filename> file to build the Glibc
+ programs:</para>
+
+<screen><userinput remap="configure">cat > configparms << "EOF"
+<literal>CC += -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
+CXX += -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
+CFLAGS-sln.c += -fno-PIC -fno-PIE
++link = $(CC) -pie -Wl,-O1 -nostdlib -nostartfiles -o $@ \
+ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+ $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+ -Wl,-z,now -Wl,--warn-shared-textrel,--fatal-warnings \
+ $(addprefix $(csu-objpfx),S$(start-installed-name)) \
+ $(+preinit) $(+prectorS) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ S$(start-installed-name))\
+ $(+preinit) $(link-extra-libs) \
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)</literal>
+EOF
+case `uname -m` in
+ i?86) echo "CFLAGS += -march=i486 -mtune=native" >> configparms ;;
+esac</userinput></screen>
+
+ <para>Compile the programs:</para>
+
+<screen><userinput remap="make">make</userinput></screen>
+
<important>
<para>In this section, the test suite for Glibc is considered critical.
Do not skip it under any circumstance.</para>
</important>
+ <para>To test the results first create a new
+ <filename>configparms</filename> file to disable most hardening
options:</para>
+
+<screen><userinput remap="configure">cat > configparms << "EOF"
+CC += -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie
-no-fatal-warnings
+CXX += -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie
-no-fatal-warnings
+EOF
+case `uname -m` in
+ i?86) echo "CFLAGS += -march=i486 -mtune=native" >> configparms ;;
+esac</userinput></screen>
+
<para>Before running the tests, copy a file from the source tree into our
build tree to prevent a couple of test failures, then test the
results:</para>
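Review bot: The test-suite `configparms` written with `cat > configparms` replaces the hardened one from the "Compile the programs" step, and nothing in this hunk restores it. The install step is outside the hunk, but anything rebuilt after the tests would presumably be compiled with `-fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie -no-fatal-warnings`. The para should say that this file is for the test run only, and either tell the reader to restore the hardened file before installing or state that installation does not recompile the programs, e.g. `<para>This <filename>configparms</filename> is used only for the test suite; restore the hardened version before installing.</para>`. A check of the installed binaries after installation would confirm that the PIE and stack-protector settings survived. Separately, both new `case` blocks append `-march=i486 -mtune=native` without the `-O3 -pipe` used in the earlier i?86 line, which is worth confirming as intentional.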
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2010-11-28 02:51:39 UTC (rev 1599)
+++ trunk/BOOK/general.ent 2010-11-30 05:11:51 UTC (rev 1600)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20101127">
-<!ENTITY releasedate "November 27, 2010">
+<!ENTITY version "SVN-20101130">
+<!ENTITY releasedate "November 30, 2010">
<!ENTITY copyrightdate "1999-2010"><!-- jhalfs needs a literal dash, not
– -->
<!ENTITY milestone "1.0">
<!ENTITY generic-version "development"> <!-- Use "development", "testing", or
"x.y[-pre{x}]" -->