From a965c3ce8a8505c4fc4cde9838b9a78059c06d4d Mon Sep 17 00:00:00 2001 From: Roger Luethi Date: Mon, 28 Apr 2014 17:06:46 +0200 Subject: [PATCH] Fix use of soft-hyphens in security-guide The security-guide used two soft-hyphens in a CFLAGS string (soft-hyphen encoded as for the commit message): CFLAGS="[...] -D_FORTIFY_SOURCE=2 O2 [...]" The result looks something like this in a web browser: CFLAGS="[...] -D_FORTIFY_SOURCE=2 O2 [...]" If you copied the string from the browser into a text-editor, you'd get the soft-hyphens back. The correct string must look like this: CFLAGS="[...] -D_FORTIFY_SOURCE=2 -O2 [...]" Change-Id: I9fc1aa2a963d3c9afd93498e7ab91e5c4ac0c5aa --- doc/security-guide/ch052_devices.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/security-guide/ch052_devices.xml b/doc/security-guide/ch052_devices.xml index dbbe3f7510..551da5deb8 100644 --- a/doc/security-guide/ch052_devices.xml +++ b/doc/security-guide/ch052_devices.xml @@ -75,7 +75,7 @@ Putting this all together, and adding in some additional useful protections, we recommend the following compiler options for gcc when compiling QEMU: -CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -­D_FORTIFY_SOURCE=2 ­O2 -Wl,-z,relro,-z,now" +CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro,-z,now" We recommend testing your QEMU executable file after it is compiled to ensure that the compiler hardening worked properly. Most cloud deployments will not want to build software such as QEMU by hand. It is better to use packaging to ensure that the process is repeatable and to ensure that the end result can be easily deployed throughout the cloud. The references below provide some additional details on applying compiler hardening options to existing packages.