1 |
nightmorph 10/08/30 03:01:13 |
2 |
|
3 |
Modified: pax-utils.xml |
4 |
Log: |
5 |
update ELF specification link, bug 334025. also fix miscellaneous GuideXML stuff and hardened-sources references. |
6 |
|
7 |
Revision Changes Path |
8 |
1.9 xml/htdocs/proj/en/hardened/pax-utils.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml?rev=1.9&view=markup |
11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml?rev=1.9&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml?r1=1.8&r2=1.9 |
13 |
|
14 |
Index: pax-utils.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml,v |
17 |
retrieving revision 1.8 |
18 |
retrieving revision 1.9 |
19 |
diff -u -r1.8 -r1.9 |
20 |
--- pax-utils.xml 13 Dec 2006 00:31:28 -0000 1.8 |
21 |
+++ pax-utils.xml 30 Aug 2010 03:01:13 -0000 1.9 |
22 |
@@ -1,29 +1,31 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
- |
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml,v 1.8 2006/12/13 00:31:28 solar Exp $ --> |
26 |
- |
27 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
28 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-utils.xml,v 1.9 2010/08/30 03:01:13 nightmorph Exp $ --> |
29 |
|
30 |
-<guide link="/proj/en/hardened/pax-utils.xml"> |
31 |
+<guide> |
32 |
<title>Gentoo PaX Utilities</title> |
33 |
|
34 |
<author title="Author"> |
35 |
- <mail link="swift@g.o">Sven Vermeulen</mail> |
36 |
+ <mail link="swift"/> |
37 |
+</author> |
38 |
+<author title="Editor"> |
39 |
+ <mail link="solar"/> |
40 |
</author> |
41 |
<author title="Editor"> |
42 |
- <mail link="solar@g.o">Ned Ludd</mail> |
43 |
+ <mail link="nightmorph"/> |
44 |
</author> |
45 |
|
46 |
<abstract> |
47 |
- |
48 |
+This guide provides instruction on securing your system by using the pax-utils |
49 |
+package to find and identify problematic binaries. |
50 |
</abstract> |
51 |
|
52 |
<!-- The content of this document is licensed under the CC-BY-SA license --> |
53 |
<!-- See http://creativecommons.org/licenses/by-sa/2.0 --> |
54 |
<license/> |
55 |
|
56 |
-<version>0.1</version> |
57 |
-<date>2005-01-01</date> |
58 |
+<version>2</version> |
59 |
+<date>2010-08-29</date> |
60 |
|
61 |
<chapter> |
62 |
<title>What is this guide about?</title> |
63 |
@@ -74,8 +76,8 @@ |
64 |
<p> |
65 |
The structure of such a binary is defined in the ELF standard. ELF stands for |
66 |
<e>Executable and Linkable Format</e>. If you are really interested in the gory |
67 |
-details, check out the |
68 |
-<uri link="http://www.linuxbase.org/spec/book/ELF-generic/ELF-generic.html"> |
69 |
+details, check out the <uri |
70 |
+link="http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/elf-generic.html"> |
71 |
Generic ELF spec</uri> or the <c>elf(5)</c> man page. |
72 |
</p> |
73 |
|
74 |
@@ -406,7 +408,6 @@ |
75 |
<ti>k</ti> |
76 |
<ti>Section</ti> |
77 |
</tr> |
78 |
- |
79 |
<tr> |
80 |
<ti>a</ti> |
81 |
<ti>ARCH/e_machine</ti> |
82 |
@@ -471,11 +472,10 @@ |
83 |
|
84 |
</body> |
85 |
</section> |
86 |
- |
87 |
- |
88 |
<section> |
89 |
<title>Using scanelf for Specific Header</title> |
90 |
<body> |
91 |
+ |
92 |
<p> |
93 |
The scanelf util can be used to quickly identify files that contain a |
94 |
given section header using the -k .section option. |
95 |
@@ -487,13 +487,13 @@ |
96 |
stripped. A stripped elf will lack a .symtab entry, so we use the '!' |
97 |
to invert the matching logic. |
98 |
</p> |
99 |
+ |
100 |
<pre caption="Scanning for stripped or non stripped executables"> |
101 |
# <i>scanelf -k '!.symtab' /usr/lib/debug -Rq -F%F#k</i> |
102 |
</pre> |
103 |
|
104 |
</body> |
105 |
</section> |
106 |
- |
107 |
<section> |
108 |
<title>Using scanelf for Specific Segment Markings</title> |
109 |
<body> |
110 |
@@ -565,8 +565,8 @@ |
111 |
To be able to benefit from these defense mechanisms, you need to run a Linux |
112 |
kernel patched with the latest PaX code. The <uri |
113 |
link="http://hardened.gentoo.org">Hardened Gentoo</uri> project supports PaX and |
114 |
-its parent project, grsecurity. Supported kernel packages are |
115 |
-<c>sys-kernel/hardened-sources-2.(4|6)</c>. |
116 |
+its parent project, grsecurity. The supported kernel package is |
117 |
+<c>sys-kernel/hardened-sources</c>. |
118 |
</p> |
119 |
|
120 |
<p> |
121 |
@@ -582,7 +582,7 @@ |
122 |
<body> |
123 |
|
124 |
<p> |
125 |
-If your tool chain supports it, your binaries can have additional PaX flags in |
126 |
+If your toolchain supports it, your binaries can have additional PaX flags in |
127 |
their Program Header. The following flags are supported: |
128 |
</p> |
129 |
|
130 |
@@ -753,5 +753,4 @@ |
131 |
</body> |
132 |
</section> |
133 |
</chapter> |
134 |
- |
135 |
</guide> |