cvs commit: hints ssp.txt

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Tue Apr 20 21:32:45 PDT 2004


tushar      04/04/20 22:32:45

  Modified:    .        ssp.txt
  Log:
  Updated Hint: ssp
  
  Revision  Changes    Path
  1.4       +21 -11    hints/ssp.txt
  
  Index: ssp.txt
  ===================================================================
  RCS file: /home/cvsroot/hints/ssp.txt,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -u -r1.3 -r1.4
  --- ssp.txt	27 Mar 2004 23:53:17 -0000	1.3
  +++ ssp.txt	21 Apr 2004 04:32:45 -0000	1.4
  @@ -1,10 +1,10 @@
  -AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)
  +AUTHOR:		Robert Connolly <robert at linuxfromscratch dot org> (ashes)
   
  -DATE:   2004-03-27
  +DATE:		2004-04-18
   
  -LICENSE:        Public Domain
  +LICENSE:	Public Domain
   
  -SYNOPSIS:       Smashing Stack Protector and Libsafe
  +SYNOPSIS:	Smashing Stack Protector and Libsafe
   
   PRIMARY URL:	http://www.linuxfromscratch.org/~robert/winter/Linux/
   
  @@ -38,6 +38,9 @@
   http://www.openbsd.org/
   
   PREREQUISITES: LFS-5.0
  +It is strongly reccomendend that you read about and install frandom/erandom,
  +before installing from this hint.
  +http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt
   
   HINT:
   
  @@ -89,8 +92,8 @@
   alerts.
   
   http://www.linuxfromscratch.org/patches/downloads/glibc/\
  -        glibc-2.3.2-ssp-functions-1.patch # or
  -	glibc-2.3.3-ssp-functions-1.patch
  +        glibc-2.3.{2,3}-ssp-frandom-1.patch # <- Recommended
  +	glibc-2.3.{2,3}-ssp-functions-1.patch # <- Depreciated
   
   The GCC Specs patch adds -fstack-protector-all to GCC's default compiler flags.
   Filters prevent libraries and the kernel from being built with unnessesary
  @@ -108,8 +111,8 @@
   therefore excluded from the default specs in the sspspecs patch.
   
   http://www.linuxfromscratch.org/patches/downloads/linux/\
  -        linux-2.4.25-ssp-1.patch # or
  -        linux-2.6.3-ssp-1.patch
  +        linux-2.4.26-ssp-1.patch # or
  +        linux-2.6.5-ssp-1.patch
   
   The XFree86 patch disables stack protection for some modules. XFree86 4.4 is
   not yet patched/supported.
  @@ -193,11 +196,14 @@
   ---------
   Chapter 5
   ---------
  +Don't forget to install the frandom kernel patch from entropy.txt.
  +(See under PREREQUISITES above)
  +
    - GCC pass 1
   If the host system has SSP in Glibc already, then you can patch gcc
   here. Otherwise do not. If in doubt, wait until pass two.
    - Glibc
  -patch -Np1 -i ../glibc-2.3.2-ssp-functions-1.patch
  +patch -Np1 -i ../glibc-2.3.2-ssp-frandom-1.patch
   
    - GCC pass 2
   patch -Np1 -i ../gcc-3.3.3-ssp-1.patch
  @@ -211,7 +217,7 @@
   Chapter 6
   ---------
    - Glibc
  -patch -Np1 -i ../glibc-2.3.2-ssp-functions-1.patch
  +patch -Np1 -i ../glibc-2.3.2-ssp-frandom-1.patch
   
    - Binutils
   make CFLAGS="-fno-stack-protector" check
  @@ -233,7 +239,7 @@
   Linux kernel
   
   make mrproper &&
  -patch -Np1 -i ../linux-2.4.25-ssp-1.patch
  +patch -Np1 -i ../linux-2.4.26-ssp-1.patch
   
   make menuconfig
   
  @@ -297,6 +303,8 @@
   		crosscompiling-x86.txt
   * Thanks to http://www.isecurelabs.com/news/64 for proof of concept tests.
   * Thanks to Gentoo http://www.gentoo.org/proj/en/hardened/etdyn-ssp.xml
  +* Thanks to Eli Billauer for the Frandom suite. -
  +        http://frandom.sourceforge.net/
   
   CHANGELOG:
   [2003-10-18]
  @@ -364,3 +372,5 @@
   * Update linux-2.6.3 patch and hgcc url
   [2004-03-27]
   * Add sspspecs patch. Update.
  +[2004-04-18]
  +* Added entropy.txt link for erandom.
  
  
  



More information about the hints mailing list