Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.4 and 1.5

version 1.4, 2016/03/17 03:19:17 version 1.5, 2016/03/17 03:41:21
Line 91  for part or all of the build. Line 91  for part or all of the build.
 Again, this feature may cause some programs to crash, usually indicating an  Again, this feature may cause some programs to crash, usually indicating an
 actual bug in the program. Patching the original program is then required.  actual bug in the program. Patching the original program is then required.
   
   # Auditing the system
   
   The illusion of security is worse than having no security at all. This section
   lists a number of ways to ensure the security features requested are actually
   effective.
   
   _These instructions were obtained and tested on a system derived from NetBSD 7
   (amd64). YMMV._
   
   ## Checking for PIE
   
   The ELF executable type in use changes for binaries built as PIE; without:
   
       $ file /path/to/bin/ary
       /path/to/bin/ary: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for NetBSD 7.0, not stripped
   
   as opposed to the following binary, built as PIE:
   
       $ file /path/to/pie/bin/ary
       /path/to/pie/bin/ary: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for NetBSD 7.0, not stripped
   
   The latter result is then what is expected.
   
   ## Checking for RELRO
   
   The following command should list a section called `RELRO`:
   
       $ objdump -p /path/to/bin/ary
   
       /path/to/bin/ary:     file format elf64-x86-64
   
       Program Header:
       [...]
          RELRO off    0x0000000000000d78 vaddr 0x0000000000600d78 paddr 0x0000000000600d78 align 2**0

Removed from v.1.4  
changed lines
  Added in v.1.5


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb