Fix use of soft-hyphens in security-guide

The security-guide used two soft-hyphens in a CFLAGS string (soft-hyphen
encoded as <C2><AD> for the commit message):

CFLAGS="[...] -<C2><AD>D_FORTIFY_SOURCE=2 <C2><AD>O2 [...]"

The result looks something like this in a web browser:

CFLAGS="[...] -D_FORTIFY_SOURCE=2 O2 [...]"

If you copied the string from the browser into a text-editor, you'd get
the soft-hyphens back.

The correct string must look like this:

CFLAGS="[...] -D_FORTIFY_SOURCE=2 -O2 [...]"

Change-Id: I9fc1aa2a963d3c9afd93498e7ab91e5c4ac0c5aa
This commit is contained in:
Roger Luethi 2014-04-28 17:06:46 +02:00
parent 0b742b4b4f
commit a965c3ce8a

View File

@ -75,7 +75,7 @@
</itemizedlist> </itemizedlist>
<para>Putting this all together, and adding in some additional useful protections, we recommend the following compiler options for gcc when compiling QEMU:</para> <para>Putting this all together, and adding in some additional useful protections, we recommend the following compiler options for gcc when compiling QEMU:</para>
<screen> <screen>
CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -­D_FORTIFY_SOURCE=2 ­O2 -Wl,-z,relro,-z,now"</screen> CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro,-z,now"</screen>
<para>We recommend testing your QEMU executable file after it is compiled to ensure that the compiler hardening worked properly.</para> <para>We recommend testing your QEMU executable file after it is compiled to ensure that the compiler hardening worked properly.</para>
<para>Most cloud deployments will not want to build software such as QEMU by hand. It is better to use packaging to ensure that the process is repeatable and to ensure that the end result can be easily deployed throughout the cloud. The references below provide some additional details on applying compiler hardening options to existing packages.</para> <para>Most cloud deployments will not want to build software such as QEMU by hand. It is better to use packaging to ensure that the process is repeatable and to ensure that the end result can be easily deployed throughout the cloud. The references below provide some additional details on applying compiler hardening options to existing packages.</para>
<itemizedlist><listitem> <itemizedlist><listitem>