openstack/openstack-manuals
Code Issues Proposed changes

Fix use of soft-hyphens in security-guide

Browse Source 
The security-guide used two soft-hyphens in a CFLAGS string (soft-hyphen
encoded as <C2><AD> for the commit message):

CFLAGS="[...] -<C2><AD>D_FORTIFY_SOURCE=2 <C2><AD>O2 [...]"

The result looks something like this in a web browser:

CFLAGS="[...] -D_FORTIFY_SOURCE=2 O2 [...]"

If you copied the string from the browser into a text-editor, you'd get
the soft-hyphens back.

The correct string must look like this:

CFLAGS="[...] -D_FORTIFY_SOURCE=2 -O2 [...]"

Change-Id: I9fc1aa2a963d3c9afd93498e7ab91e5c4ac0c5aa
This commit is contained in:
Roger Luethi 2014-04-28 17:06:46 +02:00
parent 0b742b4b4f
commit a965c3ce8a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/security-guide/ch052_devices.xml
View File

@ -75,7 +75,7 @@
</itemizedlist>
<para>Putting this all together, and adding in some additional useful protections, we recommend the following compiler options for gcc when compiling QEMU:</para>
<screen>
CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -­D_FORTIFY_SOURCE=2 ­O2 -Wl,-z,relro,-z,now"</screen>
CFLAGS="-arch x86_64 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -pie -fPIE -ftrapv -D_FORTIFY_SOURCE=2 -O2 -Wl,-z,relro,-z,now"</screen>
<para>We recommend testing your QEMU executable file after it is compiled to ensure that the compiler hardening worked properly.</para>
<para>Most cloud deployments will not want to build software such as QEMU by hand. It is better to use packaging to ensure that the process is repeatable and to ensure that the end result can be easily deployed throughout the cloud. The references below provide some additional details on applying compiler hardening options to existing packages.</para>
<itemizedlist><listitem>