author | klondike <klondike@xiscosoft.es> | 2010-11-12 20:27:38 +0100 |
---|---|---|
committer | klondike <klondike@xiscosoft.es> | 2010-11-12 20:27:38 +0100 |
commit | 37021a397dbd8e566f3b495f720bb1eed375fee7 (patch) | |
tree | a18cd4a51d529f0a622852eae852a2d63147aec4 | |
parent | Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/hardened-docs... (diff) | |
parent | Fixing paths (diff) | |
Merge branch 'master' of git+ssh://git.overlays.gentoo.org/proj/hardened-docs into ordered
50 files changed, 621 insertions, 234 deletions
diff --git a/dopreview.sh b/dopreview.sh
index 7ca3232..9db38a0 100755
--- a/dopreview.sh
+++ b/dopreview.sh
@@ -15,15 +15,28 @@ if [ -z "$(whereis -b gorg | cut -d: -f2)" ];
 exit 1;
 fi
-for FILE in `find xml/ -iname '*.xml'`;
+rm -r html/
+for FILE in `find xml/ -type f`;
 do
- output=${FILE%.xml}.html
- output=html/${output#xml/}
+ output=html/${FILE#xml/}
 mkdir -p `dirname $output`
- gorg < $FILE | \
- sed -e 's|"/css/main.css"|"http://www.gentoo.org/css/main.css"|g' \
- -e 's|"../../../|"http://www.gentoo.org/|g' \
- -e 's|"/images/|"http://www.gentoo.org/images/|g' \
- -e 's|"/|"http://www.gentoo.org/|g' | \
- tr -d "\302" | tr -d "\240" > $output;
+ case $FILE in
+ *~)
+ rm $FILE
+ ;;
+ *.xml)
+ output=${output%.xml}.html
+ gorg < $FILE | \
+ sed -e 's|"/css/main.css"|"http://www.gentoo.org/css/main.css"|g' \
+ -e 's|"../../../|"http://www.gentoo.org/|g' \
+ -e 's|"/images/|"http://www.gentoo.org/images/|g' \
+ -e 's|"/|"http://www.gentoo.org/|g' \
+ -e 's|"http://www.gentoo.org/proj/en/hardened/\([^"]*\).xml"|"\1.html"|g' \
+ -e 's|"http://www.gentoo.org/proj/en/hardened/\([^"]*\)"|"\1"|g' | \
+ tr -d "\302" | tr -d "\240" > $output;
+ ;;
+ *)
+ cp $FILE $output
+ ;;
+ esac
 done
diff --git a/html/capabilities.html b/html/capabilities.html
index 4bf9719..228f38a 100644
--- a/html/capabilities.html
+++ b/html/capabilities.html
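Review bot: The new `rm $FILE` and `cp $FILE $output` in the dopreview.sh loop act on unquoted names that come from a word-split `find` substitution, so a path under xml/ containing whitespace or glob characters is broken into several arguments and the delete or copy can hit a different path than the one `find` reported. Now that the loop walks every file type rather than only `*.xml`, and one branch deletes from the source tree, the expansions should be quoted and the names read line by line instead of through `for ... in` over backticks. The added `rm -r html/` is relative to the current directory and prints an error on a first run when html/ does not exist; whether the script changes directory earlier is outside the hunk, so that should be confirmed, and `rm -rf -- html/` covers the missing-directory case. The sketch below still does not handle newlines in file names.

```shell
rm -rf -- html/
find xml/ -type f | while IFS= read -r FILE;
do
	output="html/${FILE#xml/}"
	mkdir -p "$(dirname "$output")"
	case "$FILE" in
		*~)
			rm -- "$FILE"
			;;
		# … unchanged: *.xml branch (gorg | sed | tr), with "$FILE" and "$output" quoted …
		*)
			cp -- "$FILE" "$output"
			;;
	esac
done
```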
@@ -400,7 +400,7 @@ <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/capabilities.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="capabilities.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated January 22, 2005</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> POSIX capabilities are a partitioning of the all powerful root privilege into a diff --git a/html/docs/devel-chroots-intro.html b/html/docs/devel-chroots-intro.html index 6153d11..06b2a82 100644 --- a/html/docs/devel-chroots-intro.html +++ b/html/docs/devel-chroots-intro.html @@ -2,8 +2,8 @@ <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> -<link title="new" rel="stylesheet" href="http://www.gentoo.org/../../css/main.css" type="text/css"> -<link REL="shortcut icon" HREF="http://www.gentoo.org/../../favicon.ico" TYPE="image/x-icon"> +<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css"> +<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla"> 
@@ -14,7 +14,7 @@ Developer Chroots Utility Guide</title> </head> <body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0"> -<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/../../images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> +<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> <tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr> <td width="99%" class="content" valign="top" align="left"> <br><h1>Developer Chroots Utility Guide</h1> @@ -439,7 +439,7 @@ of scripts and users for having their work done! --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/devel-chroots-intro.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="devel-chroots-intro.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated December 6, 2006</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This guide covers the installation, configuration and set up diff --git a/html/docs/glossary.html b/html/docs/glossary.html index b1d56b9..b7197e1 100644 --- a/html/docs/glossary.html +++ b/html/docs/glossary.html 
@@ -140,7 +140,7 @@ rules so that lml can monitor other projects like SELinux. --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/docs/glossary.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/glossary.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated August 07, 2004</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This document introduces the Gentoo Hardened project and covers diff --git a/html/docs/pax-howto.html b/html/docs/pax-howto.html index 3bfc2c1..e630d5c 100644 --- a/html/docs/pax-howto.html +++ b/html/docs/pax-howto.html @@ -246,7 +246,7 @@ to run. --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/pax-howto.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated August 07, 2004</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> A quickstart covering PaX and Hardened Gentoo. diff --git a/html/etdyn.html b/html/etdyn.html index 64c8b3c..672ec23 100644 --- a/html/etdyn.html +++ b/html/etdyn.html 
@@ -179,7 +179,7 @@ GNU/Linux 2.0.0, dynamically linked (uses shared libs), stripped <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/etdyn.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="etdyn.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated 5 Aug 2003</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This guide contains documentation and examples on how to create dynamic ELF executables. diff --git a/html/gnu-stack.html b/html/gnu-stack.html index 7f2b227..7ba1255 100644 --- a/html/gnu-stack.html +++ b/html/gnu-stack.html 
@@ -98,8 +98,8 @@ GNU-stack note to the source to indicate an executable stack is not necessary. </span>Finding ELFs that ask for an executable stack</p> <p> Before you can start fixing something, you have to make sure it's broken first, -right? For this reason, we've developed a suite of tools named <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities</a>. If you are not -familiar with these utilities, you should read the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities Guide</a> now. Gentoo users +right? For this reason, we've developed a suite of tools named <a href="pax-utils.html">PaX Utilities</a>. If you are not +familiar with these utilities, you should read the <a href="pax-utils.html">PaX Utilities Guide</a> now. Gentoo users can simply do <span class="code" dir="ltr">emerge pax-utils</span>. Non-Gentoo users should be able to find a copy of the source tarball in the <span class="path" dir="ltr">distfiles</span> on a <a href="http://www.gentoo.org/main/en/mirrors.xml">Gentoo Mirror</a>. Once you have the PaX Utilities setup on your system, we can start playing around with 
@@ -396,7 +396,7 @@ If no one can seem to answer your question, give me a poke either on irc <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="gnu-stack.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated September 29, 2010</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Handbook for proper GNU Stack management in ELF systems</p></td></tr> <tr><td align="left" class="topsep"><p class="alttext"> diff --git a/html/grsecurity.html b/html/grsecurity.html index 65dffff..b13c3f6 100644 --- a/html/grsecurity.html +++ b/html/grsecurity.html @@ -749,7 +749,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>. </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> + <a href="capabilities.html"> Capability Names and Descriptions</a> </li> <li> @@ -758,7 +758,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>. </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Using PaX with + <a href="pax-quickstart.html">Using PaX with Gentoo QuickStart</a> (NEW) </li> <li> 
@@ -780,7 +780,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>. <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="grsecurity.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated January 5, 2010</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This document features the grsecurity 2.x security patches, supported kernel diff --git a/html/hardeneddebug.html b/html/hardened-debugging.html index 555d2bb..bc8309e 100644 --- a/html/hardeneddebug.html +++ b/html/hardened-debugging.html @@ -186,7 +186,7 @@ used <span class="code" dir="ltr">paxctl</span> you can reset the flags to defau --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated October 26, 2010</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> In this document we study the ways to do proper binary debugging when using a diff --git a/html/hardened-toolchain.html b/html/hardened-toolchain.html index 2079abf..f3090c7 100644 
--- a/html/hardened-toolchain.html +++ b/html/hardened-toolchain.html @@ -50,7 +50,7 @@ Normally the compiler must be explicitly directed to switch on the stack protect </p> <p class="secthead"><a name="PIEintro"></a><a name="doc_chap1_sect4">Automatic generation of Position Independent Executables (PIEs)</a></p> <p> -Standard executables have a fixed base address, and they must be loaded to this address otherwise they will not execute correctly. Position Independent Executables can be loaded anywhere in memory much like shared libraries, allowing <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">PaX</a>'s Address Space Layout Randomisation (ASLR) to take effect. This is achieved by building the code to be position-independent, and linking them as ELF shared objects. +Standard executables have a fixed base address, and they must be loaded to this address otherwise they will not execute correctly. Position Independent Executables can be loaded anywhere in memory much like shared libraries, allowing <a href="pax-quickstart.html">PaX</a>'s Address Space Layout Randomisation (ASLR) to take effect. This is achieved by building the code to be position-independent, and linking them as ELF shared objects. </p> <p> In 2003 Hardened Gentoo introduced an approach referred to as '-y etdyn' which consisted of building all code with -fPIC, and modifying the link stage to provide an ET_DYN executable using a modified PIC version of crt1.o, and setting the interp header to cause the executable to be loaded by the loader from glibc. ET_DYN versions of the crt1.o object were created for x86, parisc, ppc and sparc. 
@@ -200,7 +200,7 @@ filter-flags -fPIE However if an ebuild creates both executables and libraries then more detailed modifications need to be made, to add the -fno-PIE to the compilation of objects destined for the libraries. Where an object is used for both a shared library and an executable, it is necessary to modify the build process significantly in order to obtain two objects, one built -fPIC and one built -fPIE for linking to the library and the executable respectively. Most packages that provide both a shared library and a static archive do so by using libtool which does the right thing automatically. Both of these approaches can be taken unconditionally; i.e. it is not necessary to make such changes conditional on the presence of the hardened compiler. </p> <p> -Occasionally application code will fail to compile with -fPIE. If this happens it is usually down to non-position-independent assembler code, and is most prevelant on X86 which has a limited general purpose register set. However this is rare in application code as normally application authors push most of their code into shared libraries, although it does happen. Most position-independent build problems occur in shared libraries which are not built position-independent - this is a problem regardless of Hardened, and is nothing to do with PIE; it is just that the issue is highlighted by the hardened compiler due to the automatic enabling of -fPIE when -fPIC is not specified as described above. See the <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">PIC fixing guide</a> for information on how to fix this sort of problem. +Occasionally application code will fail to compile with -fPIE. If this happens it is usually down to non-position-independent assembler code, and is most prevelant on X86 which has a limited general purpose register set. However this is rare in application code as normally application authors push most of their code into shared libraries, although it does happen. 
Most position-independent build problems occur in shared libraries which are not built position-independent - this is a problem regardless of Hardened, and is nothing to do with PIE; it is just that the issue is highlighted by the hardened compiler due to the automatic enabling of -fPIE when -fPIC is not specified as described above. See the <a href="pic-fix-guide.html">PIC fixing guide</a> for information on how to fix this sort of problem. </p> <p> Some applications have been reported to segfault when built as PIEs. Exactly why this occurs is unclear, but it is likely due to a compiler bug so later compiler versions may resolve such problems. @@ -300,9 +300,9 @@ The following packages have issues with BIND_NOW at the time of writing, and it </span>References</p> <p class="secthead"><a name="gentoorefs"></a><a name="doc_chap6_sect1">Other Gentoo Documentation</a></p> <ul> -<li><a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">PaX QuickStart</a></li> -<li><a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml">Introduction to Position-Independent Code (PIC)</a></li> -<li><a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">Guide to fixing non-PIC shared libraries</a></li> +<li><a href="pax-quickstart.html">PaX QuickStart</a></li> +<li><a href="pic-guide.html">Introduction to Position-Independent Code (PIC)</a></li> +<li><a href="pic-fix-guide.html">Guide to fixing non-PIC shared libraries</a></li> </ul> <p class="secthead"><a name="externalrefs"></a><a name="doc_chap6_sect2">External Documentation</a></p> <ul> 
@@ -328,7 +328,7 @@ The following packages have issues with BIND_NOW at the time of writing, and it --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-toolchain.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated August 31, 2006</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> Technical description of, and rationale for, the Gentoo Hardened Toolchain modifications. diff --git a/html/hardened-virtualization.html b/html/hardened-virtualization.html index d99ed3e..4d2fa68 100644 --- a/html/hardened-virtualization.html +++ b/html/hardened-virtualization.html @@ -120,7 +120,7 @@ KVM related resources: --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardened-virtualization.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-virtualization.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated October 31, 2010</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> Virtualization is a key component in current IT infrastructure. Although diff --git a/html/hardenedfaq.html b/html/hardenedfaq.html index 4ce39fd..63a0f8f 100644 
--- a/html/hardenedfaq.html +++ b/html/hardenedfaq.html 
@@ -255,39 +255,9 @@ oolchain so that you have a consistent base: </table> <p class="secthead"><a name="hardeneddebug"></a><a name="doc_chap2_sect9">How do I debug with gdb?</a></p> <p> -First gotcha is that GDB can't resolve symbols in PIEs; it doesn't realise that -the addresses are relative in PIEs not absolute. This shows up when you try to -get a backtrace for example, and see a stream of lines with <span class="emphasis">'??'</span> where -the symbol should be. -</p> -<p> -To get around this, do the final link stage with <span class="code" dir="ltr">-nopie</span> - all the -preceding object compilations can still be with <span class="code" dir="ltr">-fPIE</span> as normal (i.e. the -default with the hardened compiler) so that your executable is as close as -possible to the real thing, but the final link must create a regular executable. -Try adding <span class="code" dir="ltr">-nopie</span> to LDFLAGS if you're building with emerge. -</p> -<p> -Another way of accomplishing this, it to emerge <span class="code" dir="ltr">>=sys-devel/gdb-7.1</span>, -which contains a special patch that makes it able to debug executables linked -with <span class="code" dir="ltr">-pie</span>. -</p> -<p> -The second gotcha is that PaX may prevent GDB from setting breakpoints, -depending on how the kernel is configured. This includes the breakpoint at main -which you need to get started. To stop PaX doing this, the executable being -debugged needs the <span class="code" dir="ltr">m</span> and <span class="code" dir="ltr">x</span> flags. 
The <span class="code" dir="ltr">x</span> flag is set by -default, so it is enough to do: -</p> -<a name="doc_chap2_pre5"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0"> -<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.5: Relax PaX for debug</p></td></tr> -<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre> -# <span class="code-input">/sbin/paxctl -m foo</span> -</pre></td></tr> -</table> -<p> -At this point, you should be good to go! Fire up gdb in the usual way. Good -luck! +We have written a <a href="hardened-debugging.html">document +on how to debug with Gentoo Hardened</a>, so following the recommedations +there should fix your problem. </p> <p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3. </span>PaX Questions</p> @@ -299,7 +269,7 @@ The homepage for PaX is located at <a href="http://pax.grsecurity.net">http://pa <p> Currently the only Gentoo documentation that exists about PaX is a PaX quickstart guide located at the -<a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</a> website. +<a href="pax-quickstart.html">http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</a> website. </p> <p class="secthead"><a name="paxnoelf"></a><a name="doc_chap3_sect3">I keep getting the message: "error while loading shared libraries: cannot make segment writable for relocation: Permission denied." What does this 
@@ -333,7 +303,7 @@ executable is using the non-PIC library. <p> To check your system for textrels, you can use the program <span class="code" dir="ltr">scanelf</span> from <span class="code" dir="ltr">app-misc/pax-utils</span>. For information on how to use the <span class="code" dir="ltr">pax-utils</span> -package please consult the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">Gentoo +package please consult the <a href="pax-utils.html">Gentoo PaX Utilities Guide</a>. </p> <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> @@ -392,7 +362,7 @@ The homepage for Grsecurity is located at <a href="http://www.grsecurity.net">ht <p class="secthead"><a name="grsecgentoodoc"></a><a name="doc_chap4_sect2">What Gentoo documentation exists about Grsecurity?</a></p> <p> The most current documentation for Grsecurity is a Grsecurity2 quickstart guide -located at <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml">http://www.gentoo.org/proj/en/hardened/grsecurity.xml</a>. +located at <a href="grsecurity.html">http://www.gentoo.org/proj/en/hardened/grsecurity.xml</a>. </p> <p class="secthead"><a name="grsecnew"></a><a name="doc_chap4_sect3">Can I use Grsecurity with a recent kernel not on the tree?</a></p> <p> 
@@ -408,14 +378,14 @@ tree. </span>SELinux Questions</p> <p class="secthead"><a name="selinuxfaq"></a><a name="doc_chap5_sect1">Where can I find SELinux related frequently asked questions?</a></p> <p> -A SELinux specific FAQ can be found at <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&%0Achap=3"> +A SELinux specific FAQ can be found at <a href="selinux/selinux-handbook.xml?part=3&%0Achap=3"> http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3& chap=3</a>. </p> <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated November 12, 2010</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> Frequently Asked Questions that arise on the #gentoo-hardened IRC channel and diff --git a/html/hardenedxorg.html b/html/hardenedxorg.html index cea97ae..935fe09 100644 --- a/html/hardenedxorg.html +++ b/html/hardenedxorg.html 
@@ -32,7 +32,7 @@ <p> PaX, a patch for the Linux kernel, is a central part of the Hardened Gentoo project. PaX provides various functionality such as ASLR and NX memory. More -information is available at <a href="http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml">http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml</a> +information is available at <a href="docs/pax-howto.html">http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml</a> For the purposes of this document, it will be assumed that the reader has a general understanding of how PaX works as well as the concept of Position Independent Executables (PIE). </p> diff --git a/html/index.html b/html/index.html index 438d0c3..564ac48 100644 --- a/html/index.html +++ b/html/index.html @@ -111,7 +111,7 @@ Gentoo once they've been tested for security and stability by the Hardened team. </tr> <tr> <td class="tableinfo"> - <a href="http://www.gentoo.org/proj/en/hardened/selinux/index.xml">SELinux</a> + <a href="selinux/index.html">SELinux</a> </td> <td class="tableinfo">pebenito</td> <td class="tableinfo">SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.</td> 
@@ -161,67 +161,71 @@ Hardened Gentoo subprojects. project are:</p> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/primer.xml"> + <a href="primer.html"> Introduction to Hardened Gentoo </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml"> + <a href="hardenedfaq.html"> Hardened Frequently Asked Questions </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/roadmap.xml"> + <a href="roadmap.html"> Hardened Roadmap </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml"> + <a href="hardened-debugging.html">Hardened Debugging +</a> + </li> + <li> + <a href="hardenedxorg.html"> Using Xorg with Hardened </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml"> + <a href="hardened-toolchain.html"> Hardened Toolchain Technical Description </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml"> + <a href="pax-quickstart.html"> A quickstart covering PaX and Hardened Gentoo </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml"> + <a href="pax-utils.html"> PaX Utils </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml"> + <a href="grsecurity.html"> Grsecurity2 QuickStart Guide </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> + <a href="capabilities.html"> Capabilities Listing </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml"> + <a href="pic-guide.html"> PIC Intro (beginner) </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml"> + <a href="pic-internals.html"> PIC Internals (intermediate) </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml"> + <a href="pic-fix-guide.html"> PIC Fixing (advanced) </a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml"> + <a href="gnu-stack.html"> GNU Stack Quickstart </a> </li> 
@@ -231,7 +235,7 @@ GNU Stack Quickstart </b> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a> + <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a> </li> </ul> </li> diff --git a/html/index2.html b/html/index2.html index 658e58e..dfebfe8 100644 --- a/html/index2.html +++ b/html/index2.html @@ -117,7 +117,7 @@ Gentoo once they've been tested for security and stability by the Hardened team. </tr> <tr> <td class="tableinfo"> - <a href="http://www.gentoo.org/proj/en/hardened/selinux/index.xml">SELinux</a> + <a href="selinux/index.html">SELinux</a> </td> <td class="tableinfo">pebenito</td> <td class="tableinfo">SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.</td> 
@@ -167,55 +167,63 @@ Hardened Gentoo subprojects. project are:</p> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/primer.xml"> + <a href="primer.html"> Introduction to Hardened Gentoo</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml"> + <a href="hardenedfaq.html"> Hardened Frequently Asked Questions</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/roadmap.xml"> + <a href="roadmap.html"> Hardened Roadmap</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml"> + <a href="hardened-debugging.html">Hardened Debugging +</a> + </li> + <li> + <a href="hardened-debugging.html">Hardened Debugging +</a> + </li> + <li> + <a href="hardenedxorg.html"> Using Xorg with Hardened</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml"> + <a href="hardened-toolchain.html"> Hardened Toolchain Technical Description</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml"> + <a href="pax-quickstart.html"> A quickstart covering PaX and Hardened Gentoo</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml"> + <a href="pax-utils.html"> PaX Utils</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml"> + <a href="grsecurity.html"> Grsecurity2 QuickStart Guide</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> + <a href="capabilities.html"> Capabilities Listing</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml"> + <a href="pic-guide.html"> PIC Intro (beginner)</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml"> + <a href="pic-internals.html"> PIC Internals (intermediate)</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml"> + <a href="pic-fix-guide.html"> PIC Fixing (advanced)</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml"> + <a 
href="gnu-stack.html"> GNU Stack Quickstart</a> </li> <li> @@ -224,7 +232,7 @@ GNU Stack Quickstart</a> </b> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a> + <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a> </li> </ul> </li> diff --git a/html/link.5.html b/html/link.5.html new file mode 100644 index 0000000..b5b499c --- /dev/null +++ b/html/link.5.html 
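Review bot: The new side of the `@@ -167,55 +167,63 @@` hunk in html/index2.html adds the `hardened-debugging.html` list item twice in a row, whereas the matching list in html/capabilities.html adds it once. The second `<li>` … `</li>` group is the one to drop. Since this page appears to be generated, the duplicate most likely comes from the index source document, so it should be removed there and the preview regenerated.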
@@ -0,0 +1,449 @@ +<html> +<head><title>link(5) man page</title></head> +<body> +<pre> +LINK(5) BSD File Formats Manual LINK(5) + +NAME + link -- dynamic loader and link editor interface + +SYNOPSIS + #include <link.h> + +DESCRIPTION + The include file <link.h> declares several structures that are present in + dynamically linked programs and libraries. The structures define the + interface between several components of the link-editor and loader mecha- + nism. The layout of a number of these structures within the binaries + resembles the a.out(5) format in many places as it serves such similar + functions as symbol definitions (including the accompanying string table) + and relocation records needed to resolve references to external entities. + + It also records a number of data structures unique to the dynamic loading + and linking process. These include references to other objects that are + required to complete the link-editing process and indirection tables to + facilitate Position Independent Code (PIC) to improve sharing of code + pages among different processes. + + The collection of data structures described here will be referred to as + the Run-time Relocation Section (RRS) and is embedded in the standard + text and data segments of the dynamically linked program or shared object + image as the existing a.out(5) format offers no room for it elsewhere. + + Several utilities cooperate to ensure that the task of getting a program + ready to run can complete successfully in a way that optimizes the use of + system resources. The compiler emits PIC code from which shared + libraries can be built by ld(1). The compiler also includes size infor- + mation of any initialized data items through the .size assembler direc- + tive. + + PIC code differs from conventional code in that it accesses data vari- + ables through an indirection table, the Global Offset Table, by conven- + tion accessible by the reserved name _GLOBAL_OFFSET_TABLE_. 
The exact + mechanism used for this is machine dependent, usually a machine register + is reserved for the purpose. The rational behind this construct is to + generate code that is independent of the actual load address. Only the + values contained in the Global Offset Table may need updating at run-time + depending on the load addresses of the various shared objects in the + address space. + + Likewise, procedure calls to globally defined functions are redirected + through the Procedure Linkage Table (PLT) residing in the data segment of + the core image. Again, this is done to avoid run-time modifications to + the text segment. + + The linker-editor allocates the Global Offset Table and Procedure Linkage + Table when combining PIC object files into an image suitable for mapping + into the process address space. It also collects all symbols that may be + needed by the run-time link-editor and stores these along with the + image's text and data bits. Another reserved symbol, _DYNAMIC is used to + indicate the presence of the run-time linker structures. Whenever + _DYNAMIC is relocated to 0, there is no need to invoke the run-time link- + editor. If this symbol is non-zero, it points at a data structure from + which the location of the necessary relocation- and symbol information + can be derived. This is most notably used by the start-up module, crt0. + The _DYNAMIC structure is conventionally located at the start of the data + segment of the image to which it pertains. + +DATA STRUCTURES + The data structures supporting dynamic linking and run-time relocation + reside both in the text and data segments of the image they apply to. + The text segments contain read-only data such as symbols descriptions and + names, while the data segments contain the tables that need to be modi- + fied by during the relocation process. 
+ + The _DYNAMIC symbol references a _dynamic structure: + + struct _dynamic { + int d_version; + struct so_debug *d_debug; + union { + struct section_dispatch_table *d_sdt; + } d_un; + struct ld_entry *d_entry; + }; + + d_version This field provides for different versions of the dynamic + linking implementation. The current version numbers under- + stood by ld and ld.so are LD_VERSION_SUN (3), which is used by + the SunOS 4.x releases, and LD_VERSION_BSD (8), which is cur- + rently in use by NetBSD. + + d_un Refers to a d_version dependent data structure. + + d_debug this field provides debuggers with a hook to access symbol + tables of shared objects loaded as a result of the actions of + the run-time link-editor. + + d_entry this field is obsoleted by CRT interface version CRT_VER- + SION_BSD4, and is replaced by the crt_ldentry in crt_ldso. + + The section_dispatch_table structure is the main ``dispatcher'' table, + containing offsets into the image's segments where various symbol and + relocation information is located. + + struct section_dispatch_table { + struct so_map *sdt_loaded; + long sdt_sods; + long sdt_paths; + long sdt_got; + long sdt_plt; + long sdt_rel; + long sdt_hash; + long sdt_nzlist; + long sdt_filler2; + long sdt_buckets; + long sdt_strings; + long sdt_str_sz; + long sdt_text_sz; + long sdt_plt_sz; + }; + + sdt_loaded A pointer to the first link map loaded (see below). This + field is set by ld.so(1) for the benefit of debuggers that + may use it to load a shared object's symbol table. + + sdt_sods The start of a (linked) list of shared object descriptors + needed by this object. + + sdt_paths Library search rules. A colon separated list of directories + corresponding to the -R option of ld(1). + + sdt_got The location of the Global Offset Table within this image. + + sdt_plt The location of the Procedure Linkage Table within this + image. 
+ + sdt_rel The location of an array of relocation_info structures (see + a.out(5)) specifying run-time relocations. + + sdt_hash The location of the hash table for fast symbol lookup in this + object's symbol table. + + sdt_nzlist The location of the symbol table. + + sdt_filler2 + Currently unused. + + sdt_buckets + The number of buckets in sdt_hash + + sdt_strings + The location of the symbol string table that goes with + sdt_nzlist. + + sdt_str_sz The size of the string table. + + sdt_text_sz + The size of the object's text segment. + + sdt_plt_sz The size of the Procedure Linkage Table. + + A sod structure describes a shared object that is needed to complete the + link edit process of the object containing it. A list of such objects + (chained through sod_next) is pointed at by the sdt_sods in the sec- + tion_dispatch_table structure. + + struct sod { + long sod_name; + u_int sod_library : 1, + sod_unused : 31; + short sod_major; + short sod_minor; + long sod_next; + }; + + sod_name The offset in the text segment of a string describing this + link object. + + sod_library If set, sod_name specifies a library that is to be searched + for by ld.so. The path name is obtained by searching a set + of directories (see also ldconfig(8)) for a shared object + matching lib<sod_name>.so.n.m. If not set, sod_name should + point at a full path name for the desired shared object. + + sod_major Specifies the major version number of the shared object to + load. + + sod_minor Specifies the preferred minor version number of the shared + object to load. + + The run-time link-editor maintains a list of structures called link maps + to keep track of all shared objects loaded into a process' address space. + These structures are only used at run-time and do not occur within the + text or data segment of an executable or shared library. 
+ + struct so_map { + caddr_t som_addr; + char *som_path; + struct so_map *som_next; + struct sod *som_sod; + caddr_t som_sodbase; + u_int som_write : 1; + struct _dynamic *som_dynamic; + caddr_t som_spd; + }; + + som_addr The address at which the shared object associated with this + link map has been loaded. + + som_path The full path name of the loaded object. + + som_next Pointer to the next link map. + + som_sod The sod structure that was responsible for loading this + shared object. + + som_sodbase Tossed in later versions the run-time linker. + + som_write Set if (some portion of) this object's text segment is cur- + rently writable. + + som_dynamic Pointer to this object's _dynamic structure. + + som_spd Hook for attaching private data maintained by the run-time + link-editor. + + Symbol description with size. This is simply an nlist structure with one + field (nz_size) added. Used to convey size information on items in the + data segment of shared objects. An array of these lives in the shared + object's text segment and is addressed by the sdt_nzlist field of + section_dispatch_table. + + struct nzlist { + struct nlist nlist; + u_long nz_size; + #define nz_un nlist.n_un + #define nz_strx nlist.n_un.n_strx + #define nz_name nlist.n_un.n_name + #define nz_type nlist.n_type + #define nz_value nlist.n_value + #define nz_desc nlist.n_desc + #define nz_other nlist.n_other + }; + + nlist (see nlist(3)). + + nz_size The size of the data represented by this symbol. + + A hash table is included within the text segment of shared object to + facilitate quick lookup of symbols during run-time link-editing. The + sdt_hash field of the section_dispatch_table structure points at an array + of rrs_hash structures: + + struct rrs_hash { + int rh_symbolnum; /* symbol number */ + int rh_next; /* next hash entry */ + }; + + rh_symbolnum The index of the symbol in the shared object's symbol table + (as given by the ld_symbols field). 
+ + rh_next In case of collisions, this field is the offset of the next + entry in this hash table bucket. It is zero for the last + bucket element. + The rt_symbol structure is used to keep track of run-time allocated com- + mons and data items copied from shared objects. These items are kept on + linked list and is exported through the dd_cc field in the so_debug + structure (see below) for use by debuggers. + + struct rt_symbol { + struct nzlist *rt_sp; + struct rt_symbol *rt_next; + struct rt_symbol *rt_link; + caddr_t rt_srcaddr; + struct so_map *rt_smp; + }; + + rt_sp The symbol description. + + rt_next Virtual address of next rt_symbol. + + rt_link Next in hash bucket. Used by internally by ld.so. + + rt_srcaddr Location of the source of initialized data within a shared + object. + + rt_smp The shared object which is the original source of the data + that this run-time symbol describes. + + The so_debug structure is used by debuggers to gain knowledge of any + shared objects that have been loaded in the process's address space as a + result of run-time link-editing. Since the run-time link-editor runs as + a part of process initialization, a debugger that wishes to access sym- + bols from shared objects can only do so after the link-editor has been + called from crt0. A dynamically linked binary contains a so_debug struc- + ture which can be located by means of the d_debug field in _dynamic. + + struct so_debug { + int dd_version; + int dd_in_debugger; + int dd_sym_loaded; + char *dd_bpt_addr; + int dd_bpt_shadow; + struct rt_symbol *dd_cc; + }; + + dd_version Version number of this interface. + + dd_in_debugger Set by the debugger to indicate to the run-time linker + that the program is run under control of a debugger. + + dd_sym_loaded Set by the run-time linker whenever it adds symbols by + loading shared objects. + + dd_bpt_addr The address were a breakpoint will be set by the run-time + linker to divert control to the debugger. 
This address + is determined by the start-up module, crt0.o, to be some + convenient place before the call to _main. + + dd_bpt_shadow Contains the original instruction that was at + dd_bpt_addr. The debugger is expected to put this + instruction back before continuing the program. + + dd_cc A pointer to the linked list of run-time allocated sym- + bols that the debugger may be interested in. + + The ld_entry structure defines a set of service routines within ld.so. + See dlfcn(3) for more information. + + struct ld_entry { + void *(*dlopen)(char *, int); + int (*dlclose)(void *); + void *(*dlsym)(void *, char *); + int (*dlctl)(void *, int, void *); + void (*dlexit)(void); + }; + + The crt_ldso structure defines the interface between ld.so and the start- + up code in crt0. + + struct crt_ldso { + int crt_ba; + int crt_dzfd; + int crt_ldfd; + struct _dynamic *crt_dp; + char **crt_ep; + caddr_t crt_bp; + char *crt_prog; + char *crt_ldso; + char *crt_ldentry; + }; + #define CRT_VERSION_SUN 1 + #define CRT_VERSION_BSD2 2 + #define CRT_VERSION_BSD3 3 + #define CRT_VERSION_BSD4 4 + + crt_ba The virtual address at which ld.so was loaded by crt0. + + crt_dzfd On SunOS systems, this field contains an open file descriptor + to ``/dev/zero'' used to get demand paged zeroed pages. On + NetBSD systems it contains -1. + + crt_ldfd Contains an open file descriptor that was used by crt0 to load + ld.so. + + crt_dp A pointer to main's _dynamic structure. + + crt_ep A pointer to the environment strings. + + crt_bp The address at which a breakpoint will be placed by the run- + time linker if the main program is run by a debugger. See + so_debug + + crt_prog The name of the main program as determined by crt0 (CRT_VER- + SION_BSD3 only). + + crt_ldso The path of the run-time linker as mapped by crt0 (CRT_VER- + SION_BSD4 only). + + crt_ldentry + The dlfcn(3) entry points provided by the run-time linker + (CRT_VERSION_BSD4 only). 
+ + The hints_header and hints_bucket structures define the layout of the + library hints, normally found in ``/var/run/ld.so.hints'', which is used + by ld.so to quickly locate the shared object images in the file system. + The organization of the hints file is not unlike that of an a.out(5) + object file, in that it contains a header determining the offset and size + of a table of fixed sized hash buckets and a common string pool. + + struct hints_header { + long hh_magic; + #define HH_MAGIC 011421044151 + long hh_version; + #define LD_HINTS_VERSION_1 1 + #define LD_HINTS_VERSION_2 2 + long hh_hashtab; + long hh_nbucket; + long hh_strtab; + long hh_strtab_sz; + long hh_ehints; + long hh_dirlist; + }; + + hh_magic Hints file magic number. + + hh_version Interface version number. + + hh_hashtab Offset of hash table. + + hh_strtab Offset of string table. + + hh_strtab_sz Size of strings. + + hh_ehints Maximum usable offset in hints file. + + hh_dirlist Offset in string table of a colon-separated list of direc- + tories that was used in constructing the hints file. See + also ldconfig(8). This field is only available with inter- + face version number LD_HINTS_VERSION_2 and higher. + + /* + * Hash table element in hints file. + */ + struct hints_bucket { + int hi_namex; + int hi_pathx; + int hi_dewey[MAXDEWEY]; + int hi_ndewey; + #define hi_major hi_dewey[0] + #define hi_minor hi_dewey[1] + int hi_next; + }; + + hi_namex Index of the string identifying the library. + + hi_pathx Index of the string representing the full path name of the + library. + + hi_dewey The version numbers of the shared library. + + hi_ndewey The number of valid entries in hi_dewey. + + hi_next Next bucket in case of hashing collisions. + +BSD October 23, 1993 BSD +</pre> +</body> +</html> diff --git a/html/pax-quickstart.html b/html/pax-quickstart.html index bf8ed4d..fd434ff 100644 --- a/html/pax-quickstart.html +++ b/html/pax-quickstart.html 
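Review bot: Inside the `<pre>` block of the new html/link.5.html, `#include <link.h>`, `The include file <link.h>` and `lib<sod_name>.so.n.m` use raw angle brackets, so a browser will parse them as unknown tags and not display them. This assumes the diff shows the file's bytes unchanged. They should be escaped, for example `#include &lt;link.h&gt;` and `lib&lt;sod_name&gt;.so.n.m`. The file also has no doctype or charset declaration, unlike the generated pages next to it.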
@@ -251,7 +251,7 @@ to run. Often we find that we need the -m -sp combos. --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pax-quickstart.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated September 11, 2007</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> A quickstart covering PaX and Hardened Gentoo. diff --git a/html/pax-utils.html b/html/pax-utils.html index 485fb43..52d430c 100644 --- a/html/pax-utils.html +++ b/html/pax-utils.html @@ -491,7 +491,7 @@ its parent project, grsecurity. The supported kernel package is <span class="code" dir="ltr">sys-kernel/hardened-sources</span>. </p> <p> -The Gentoo/Hardened project has a <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Gentoo PaX Quickstart Guide</a> +The Gentoo/Hardened project has a <a href="pax-quickstart.html">Gentoo PaX Quickstart Guide</a> for your reading pleasure. </p> <p class="secthead"><a name="doc_chap3_sect2">Flags and Capabilities</a></p> @@ -557,7 +557,7 @@ their Program Header. The following flags are supported: <p> The default Linux kernel also supports certain capabilities, grouped in the so-called <span class="emphasis">POSIX.1e Capabilities</span>. You can find a listing of those -capabilities in our <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml">POSIX Capabilities</a> document. +capabilities in our <a href="capabilities.html">POSIX Capabilities</a> document. </p> <p class="secthead"><a name="doc_chap3_sect3">Using pspax</a></p> <p> 
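Review bot: The rewritten Print link `href="pax-quickstart.xml?style=printable"` in html/pax-quickstart.html points at a relative `.xml` file, while the pages in this directory are `.html`, so the link is probably dead in the local preview. The same pattern appears in the pic-fix-guide, pic-guide, pic-internals, primer, rsbac/quickstart and toolchain-upgrade-guide hunks. Either leave these links absolute, as `href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml?style=printable"`, or leave the Print cell out of the preview pages.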
diff --git a/html/pic-fix-guide.html b/html/pic-fix-guide.html index 179eab0..d602735 100644 --- a/html/pic-fix-guide.html +++ b/html/pic-fix-guide.html @@ -51,8 +51,8 @@ We will update for non-x86 as we aquire details and useful examples. </span>Finding broken object code</p> <p> Before you can start fixing something, you got to make sure it's broken first, -right? For this reason, we've developed a suite of tools named <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities</a>. If you are not -familiar with these utilities, you should read the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities Guide</a> now. Gentoo +right? For this reason, we've developed a suite of tools named <a href="pax-utils.html">PaX Utilities</a>. If you are not +familiar with these utilities, you should read the <a href="pax-utils.html">PaX Utilities Guide</a> now. Gentoo users can simply do <span class="code" dir="ltr">emerge pax-utils</span>. Non-Gentoo users should be able to find a copy of the source tarball in the <span class="path" dir="ltr">distfiles</span> on a <a href="http://www.gentoo.org/main/en/mirrors.xml">Gentoo Mirror</a>. Once you have the PaX Utilities setup on your system, we can start playing around with 
@@ -848,7 +848,7 @@ mmx32_rgb888_mask dd 00ffffffh,00ffffffh <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-fix-guide.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated August 19, 2007</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A guide for tracking down and fixing .text relocations (TEXTRELs)</p></td></tr> <tr><td align="left" class="topsep"><p class="alttext"> diff --git a/html/pic-guide.html b/html/pic-guide.html index 035b444..e1c4922 100644 --- a/html/pic-guide.html +++ b/html/pic-guide.html @@ -150,7 +150,7 @@ References: --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-guide.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated October 11, 2005</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>What every developer should understand about using Position Independent Code</p></td></tr> <tr><td align="left" class="topsep"><p class="alttext"> diff --git a/html/pic-internals.html b/html/pic-internals.html index fec39e1..83da327 100644 --- a/html/pic-internals.html 
+++ b/html/pic-internals.html @@ -222,7 +222,7 @@ These executables simply do not need the PIC addressing mode for their functions --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-internals.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated Feb 14 2004</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Understanding the impact of text relocations and explaining the use of PIC in shared libraries</p></td></tr> <tr><td align="left" class="topsep"><p class="alttext"> diff --git a/html/primer.html b/html/primer.html index 0554ca9..16301b4 100644 --- a/html/primer.html +++ b/html/primer.html @@ -247,7 +247,7 @@ <br><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/primer.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="primer.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated February 7, 2007</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A Primer on Hardened Gentoo.</p></td></tr> <tr><td align="left" class="topsep"><p class="alttext"> diff --git a/html/rsbac/index.html b/html/rsbac/index.html index b5bcada..0b7175f 100644 
--- a/html/rsbac/index.html +++ b/html/rsbac/index.html 
@@ -43,7 +43,7 @@ The required tool for the policies is still being developped. <p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3. </span>What is RSBAC?</p> <p> - <a href="http://www.rsbac.org/">RSBAC</a> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <a href="http://rsbac.org/documentation:different_models">several</a> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <a href="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">overview</a>. + <a href="http://www.rsbac.org/">RSBAC</a> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <a href="http://rsbac.org/documentation:different_models">several</a> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <a href="rsbac/overview.html">overview</a>. 
</p> <p> However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution. @@ -105,10 +105,10 @@ The required tool for the policies is still being developped. project are:</p> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">RSBAC Overview</a> + <a href="rsbac/overview.html">RSBAC Overview</a> </li> <li> - <a href="http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml">RSBAC Quickstart</a> + <a href="rsbac/quickstart.html">RSBAC Quickstart</a> </li> </ul> <p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7. diff --git a/html/rsbac/quickstart.html b/html/rsbac/quickstart.html index 2c1bf09..dfff38a 100644 --- a/html/rsbac/quickstart.html +++ b/html/rsbac/quickstart.html @@ -144,7 +144,7 @@ unless you want to log to remote machine</span> <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> If you plan to run a X Window server (such as X.org or XFree86), please also enable <span class="code" dir="ltr">"[*] X support (normal user MODIFY_PERM access to ST_ioports)"</span>. -Please also see <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml">Using Xorg on Hardened Gentoo</a></p></td></tr></table> +Please also see <a href="hardenedxorg.html">Using Xorg on Hardened Gentoo</a></p></td></tr></table> <p> We will now configure PaX which is a complement of the RSBAC hardened kernel. It is also recommended that you enable the following options, in the "Security options ---> PaX" section. </p> 
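Review bot: In html/rsbac/index.html the new links `href="rsbac/overview.html"` and `href="rsbac/quickstart.html"` are relative to a page that already sits in `rsbac/`, so unless a base URL is set outside the hunk they resolve to `rsbac/rsbac/…`. Within that directory they should read `href="overview.html"` and `href="quickstart.html"`. The same depth problem affects `hardenedxorg.html` and `hardenedfaq.html` in html/rsbac/quickstart.html, and `pax-quickstart.html` and `selinux/selinux-handbook.html` in the pages under html/selinux/; these need a `../` prefix or the directory part removed. Because the pages are generated, the fix belongs in the link-rewriting step, which should make each path relative to the output file's own directory.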
@@ -299,7 +299,7 @@ parameter at boot time: </p> mailing-list</a>. It is generally a low traffic list, and RSBAC announcements for Gentoo will be available there. We also recommend you to subscribe to the <a href="http://rsbac.org/mailman/listinfo/rsbac/">RSBAC mailing-list</a>. -Please also check the <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml">hardened FAQ</a> as your questions might already be covered in this document. +Please also check the <a href="hardenedfaq.html">hardened FAQ</a> as your questions might already be covered in this document. </p> <table class="ntable"> <tr> <td class="tableinfo">Links:</td> @@ -327,7 +327,7 @@ Please also check the <a href="http://www.gentoo.org/proj/en/hardened/hardenedfa --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="rsbac/quickstart.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated 15 February 2006</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>This document will guide you through the installation of the RSBAC on Gentoo Linux</p></td></tr> diff --git a/html/selinux/hb-selinux-conv-reboot1.html b/html/selinux/hb-selinux-conv-reboot1.html index 3724b71..a5280ca 100644 --- a/html/selinux/hb-selinux-conv-reboot1.html +++ b/html/selinux/hb-selinux-conv-reboot1.html 
@@ -2,8 +2,8 @@ <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> -<link title="new" rel="stylesheet" href="http://www.gentoo.org/../../css/main.css" type="text/css"> -<link REL="shortcut icon" HREF="http://www.gentoo.org/../../favicon.ico" TYPE="image/x-icon"> +<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css"> +<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums"> <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla"> @@ -14,7 +14,7 @@ </title> </head> <body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0"> -<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/../../images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> +<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr> <tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr> <td width="99%" class="content" valign="top" align="left"> <p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1. 
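Review bot: The corrected stylesheet, favicon and logo URLs in html/selinux/hb-selinux-conv-reboot1.html still use plain `http://`, so anyone on the network path can alter the CSS or image that a reader's browser loads for these hardening guides. If the site serves them over TLS, `href="https://www.gentoo.org/css/main.css"` is the safer form, and likewise for `favicon.ico` and `images/gtop-www.jpg`. For an offline preview, shipping a local copy of the stylesheet avoids the remote fetch altogether.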
@@ -122,7 +122,7 @@ using Btrfs)</span> are enabled by default; thus, no options will appear in menuconfig. </p> <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>It is recommended to configure PaX if you are using harded-sources (also -recommended). More information about Pax can be found in the <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Hardened Gentoo +recommended). More information about Pax can be found in the <a href="pax-quickstart.html">Hardened Gentoo PaX Quickstart Guide</a>. </p></td></tr></table> <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffbbbb"><p class="note"><b>Warning: </b> diff --git a/html/selinux/index.html b/html/selinux/index.html index 22d6ada..6835449 100644 --- a/html/selinux/index.html +++ b/html/selinux/index.html @@ -152,7 +152,7 @@ project are:</p> <ul> <li> - <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a> + <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a> </li> </ul> <p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8. diff --git a/html/tmpas b/html/tmpas new file mode 100644 index 0000000..4f04d7d --- /dev/null +++ b/html/tmpas @@ -0,0 +1 @@ +]&~o#MTV^"ZG:<nxeNg4cM0K^C"}Qi~:TXcBFl!nq=0x( rer\?o_'KwZutkp# diff --git a/html/toolchain-upgrade-guide.html b/html/toolchain-upgrade-guide.html index 8a44422..0c663ee 100644 --- a/html/toolchain-upgrade-guide.html +++ b/html/toolchain-upgrade-guide.html 
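Review bot: The new link `href="pax-quickstart.html"` in html/selinux/hb-selinux-conv-reboot1.html is relative to html/selinux/, so it resolves to html/selinux/pax-quickstart.html rather than to a guide one directory up. The XML source for this page links to `/proj/en/hardened/pax-quickstart.xml`, which suggests the target sits at the top of the html tree, so the link would need to be `href="../pax-quickstart.html"`. The html/selinux/index.html hunk has the mirror-image problem: `href="selinux/selinux-handbook.html"` from inside html/selinux/ points at html/selinux/selinux/ and should read `href="selinux-handbook.html"`. These files look generated, so the fix most likely belongs in the step that rewrites the links, which should emit paths relative to each output file's own directory.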
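Review bot: html/tmpas is added as a new file whose single line is an opaque run of bytes rather than HTML, and nothing in the visible hunks refers to it. It looks like a leftover temporary file that was committed along with the regenerated pages. It should be dropped before the tree is published, since unexplained binary-looking content in a served directory cannot be reviewed. If the preview build is what creates it, an ignore rule such as a `.gitignore` entry `html/tmpas` would keep it from being committed again.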
@@ -32,7 +32,7 @@ <p class="secthead"><a name="Rationale"></a><a name="doc_chap1_sect1">Rationale for re-working the hardened toolchain.</a></p> <p> The gcc-3/glibc-2.3 toolchain has been working reasonably well for -<a href="http://www.gentoo.org/proj/en/hardened/">Hardened Gentoo</a> +<a href="">Hardened Gentoo</a> for a few years now. However while it has gained in maturity, there are a number of known issues that have proven unresolvable so far. Most issues are relatively minor and only show up in rare circumstances, however it has become @@ -232,7 +232,7 @@ advice on common GCC upgrade pitfalls. </span>References</p> <p class="secthead"><a name="gentoorefs"></a><a name="doc_chap3_sect1">Other Gentoo Documentation</a></p> <ul> -<li><a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml"> +<li><a href="hardened-toolchain.html"> Technical Description of the Gentoo Hardened Toolchain</a></li> <li><a href="http://www.gentoo.org/doc/en/gcc-upgrading.xml">Standard Gentoo GCC Upgrade Guide</a></li> </ul> @@ -255,7 +255,7 @@ Technical Description of the Gentoo Hardened Toolchain</a></li> --><br> </td> <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px"> -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml?style=printable">Print</a></p></td></tr> +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="toolchain-upgrade-guide.xml?style=printable">Print</a></p></td></tr> <tr><td class="topsep" align="center"><p class="alttext">Updated February 22, 2007</p></td></tr> <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> Guide for upgrading from hardened gcc-3/glibc-2.3/binutils-2.16 to gcc-4/glibc-2.5/binutils-2.17. 
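Review bot: The first hunk of html/toolchain-upgrade-guide.html turns the project link into `<a href="">Hardened Gentoo</a>`, and an empty href resolves to the current document, so the link now points back at the upgrade guide itself. The old target was the project root `http://www.gentoo.org/proj/en/hardened/`. In the local preview the equivalent is presumably `<a href="index.html">Hardened Gentoo</a>`; otherwise the absolute URL should be kept for this one case. As the file appears to be generated, the rewrite step should special-case a link to the bare project directory instead of reducing it to an empty string.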
diff --git a/xml/docs/CVS/Entries b/xml/docs/CVS/Entries deleted file mode 100644 index dd0e57a..0000000 --- a/xml/docs/CVS/Entries +++ /dev/null @@ -1,5 +0,0 @@ -/devel-chroots-intro.xml/1.1/Tue Dec 19 08:42:53 2006// -/glossary.xml/1.2/Wed Sep 15 12:04:35 2004// -/index.xml/1.3/Fri Mar 16 10:40:45 2007// -/pax-howto.xml/1.2/Fri Sep 24 10:49:00 2004// -D diff --git a/xml/docs/CVS/Repository b/xml/docs/CVS/Repository deleted file mode 100644 index 1f0d30e..0000000 --- a/xml/docs/CVS/Repository +++ /dev/null @@ -1 +0,0 @@ -gentoo/xml/htdocs/proj/en/hardened/docs diff --git a/xml/docs/CVS/Root b/xml/docs/CVS/Root deleted file mode 100644 index da304d3..0000000 --- a/xml/docs/CVS/Root +++ /dev/null @@ -1 +0,0 @@ -:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot diff --git a/xml/docs/devel-chroots-intro.xml b/xml/docs/devel-chroots-intro.xml index 8a97405..8294c6a 100644 --- a/xml/docs/devel-chroots-intro.xml +++ b/xml/docs/devel-chroots-intro.xml @@ -2,7 +2,7 @@ <!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> <!-- $Header $ --> -<guide link="http://www.gentoo.org/proj/en/hardened/devel-chroots-intro.xml" lang="en"> +<guide link="/proj/en/hardened/devel-chroots-intro.xml" lang="en"> <title>Developer Chroots Utility Guide</title> diff --git a/xml/gnu-stack.xml b/xml/gnu-stack.xml index 5d682ed..0a2c4d4 100644 --- a/xml/gnu-stack.xml +++ b/xml/gnu-stack.xml @@ -399,7 +399,7 @@ append-ldflags -Wl,-z,noexecstack <p> If all else fails, ask around on #gentoo-dev on the irc server irc.freenode.net. Or send an e-mail to the <uri -link="http://www.gentoo.org/main/en/lists.xml">gentoo-dev mailing list</uri>. +link="/main/en/lists.xml">gentoo-dev mailing list</uri>. If no one can seem to answer your question, give me a poke either on irc (nickname SpanKY/vapier) or via <mail link="vapier@gentoo.org">e-mail</mail>. </p> diff --git a/xml/grsecurity.xml b/xml/grsecurity.xml index 53669d7..083fea6 100644 --- a/xml/grsecurity.xml +++ b/xml/grsecurity.xml 
@@ -868,7 +868,7 @@ USE variable in <path>/etc/make.conf</path>. </li> <li> - <uri link="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> + <uri link="/proj/en/hardened/capabilities.xml"> Capability Names and Descriptions</uri> </li> <li> @@ -877,7 +877,7 @@ USE variable in <path>/etc/make.conf</path>. </li> <li> - <uri link="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Using PaX with + <uri link="/proj/en/hardened/pax-quickstart.xml">Using PaX with Gentoo QuickStart</uri> (NEW) </li> <li> @@ -893,7 +893,7 @@ USE variable in <path>/etc/make.conf</path>. <uri link="http://pax.grsecurity.net">PaX HomePage and Documentation</uri> </li> <li> - <uri link="http://www.gentoo.org/proj/en/infrastructure/tenshi">Tenshi</uri> + <uri link="/proj/en/infrastructure/tenshi">Tenshi</uri> </li> </ul> diff --git a/xml/hardeneddebug.xml b/xml/hardened-debugging.xml index 3034b78..3034b78 100644 --- a/xml/hardeneddebug.xml +++ b/xml/hardened-debugging.xml diff --git a/xml/hardenedfaq.xml b/xml/hardenedfaq.xml index d68f7ce..06adbb7 100644 --- a/xml/hardenedfaq.xml +++ b/xml/hardenedfaq.xml 
@@ -298,38 +298,13 @@ oolchain so that you have a consistent base: <section id="hardeneddebug"> <title>How do I debug with gdb?</title> <body> + <p> -First gotcha is that GDB can't resolve symbols in PIEs; it doesn't realise that -the addresses are relative in PIEs not absolute. This shows up when you try to -get a backtrace for example, and see a stream of lines with <e>'??'</e> where -the symbol should be. -</p> -<p> -To get around this, do the final link stage with <c>-nopie</c> - all the -preceding object compilations can still be with <c>-fPIE</c> as normal (i.e. the -default with the hardened compiler) so that your executable is as close as -possible to the real thing, but the final link must create a regular executable. -Try adding <c>-nopie</c> to LDFLAGS if you're building with emerge. -</p> -<p> -Another way of accomplishing this, it to emerge <c>>=sys-devel/gdb-7.1</c>, -which contains a special patch that makes it able to debug executables linked -with <c>-pie</c>. -</p> -<p> -The second gotcha is that PaX may prevent GDB from setting breakpoints, -depending on how the kernel is configured. This includes the breakpoint at main -which you need to get started. To stop PaX doing this, the executable being -debugged needs the <c>m</c> and <c>x</c> flags. The <c>x</c> flag is set by -default, so it is enough to do: -</p> -<pre caption="Relax PaX for debug"> -# <i>/sbin/paxctl -m foo</i> -</pre> -<p> -At this point, you should be good to go! Fire up gdb in the usual way. Good -luck! +We have written a <uri link="/proj/en/hardened/hardened-debugging.xml">document +on how to debug with Gentoo Hardened</uri>, so following the recommedations +there should fix your problem. </p> + </body> </section> diff --git a/xml/index.xml b/xml/index.xml index 107d892..81c27f7 100644 --- a/xml/index.xml +++ b/xml/index.xml 
@@ -80,46 +80,45 @@ such as process limiting, setting quotas, securing systems with kerberos, chrooting, tightening services, etc.</plannedproject> --> -<resource link="http://www.gentoo.org/proj/en/hardened/primer.xml"> +<resource link="/proj/en/hardened/primer.xml"> Introduction to Hardened Gentoo </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml"> +<resource link="/proj/en/hardened/hardenedfaq.xml"> Hardened Frequently Asked Questions </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/roadmap.xml"> +<resource link="/proj/en/hardened/roadmap.xml"> Hardened Roadmap </resource> -<!-- This is WIP will apppear when it's done. -<resource link="http://www.gentoo.org/proj/en/hardened/?.xml">Hardened Debugging -</resource>--> -<resource link="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml"> +<resource link="/proj/en/hardened/hardened-debugging.xml">Hardened Debugging +</resource> +<resource link="/proj/en/hardened/hardenedxorg.xml"> Using Xorg with Hardened </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml"> +<resource link="/proj/en/hardened/hardened-toolchain.xml"> Hardened Toolchain Technical Description </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml"> +<resource link="/proj/en/hardened/pax-quickstart.xml"> A quickstart covering PaX and Hardened Gentoo </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pax-utils.xml"> +<resource link="/proj/en/hardened/pax-utils.xml"> PaX Utils </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/grsecurity.xml"> +<resource link="/proj/en/hardened/grsecurity.xml"> Grsecurity2 QuickStart Guide </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> +<resource link="/proj/en/hardened/capabilities.xml"> Capabilities Listing </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pic-guide.xml"> +<resource 
link="/proj/en/hardened/pic-guide.xml"> PIC Intro (beginner) </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pic-internals.xml"> +<resource link="/proj/en/hardened/pic-internals.xml"> PIC Internals (intermediate) </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml"> +<resource link="/proj/en/hardened/pic-fix-guide.xml"> PIC Fixing (advanced) </resource> -<resource link="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml"> +<resource link="/proj/en/hardened/gnu-stack.xml"> GNU Stack Quickstart </resource> diff --git a/xml/index2.xml b/xml/index2.xml index cd0b6fc..0ec47b5 100644 --- a/xml/index2.xml +++ b/xml/index2.xml 
@@ -81,34 +81,35 @@ such as process limiting, setting quotas, securing systems with kerberos, chrooting, tightening services, etc.</plannedproject> --> -<resource link="http://www.gentoo.org/proj/en/hardened/primer.xml"> +<resource link="/proj/en/hardened/primer.xml"> Introduction to Hardened Gentoo</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml"> +<resource link="/proj/en/hardened/hardenedfaq.xml"> Hardened Frequently Asked Questions</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/roadmap.xml"> +<resource link="/proj/en/hardened/roadmap.xml"> Hardened Roadmap</resource> -<!-- This is WIP will apppear when it's done. -<resource link="http://www.gentoo.org/proj/en/hardened/?.xml">Hardened Debuging -</resource>--> -<resource link="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml"> +<resource link="/proj/en/hardened/hardened-debugging.xml">Hardened Debugging +</resource> +<resource link="/proj/en/hardened/hardened-debugging.xml">Hardened Debugging +</resource> +<resource link="/proj/en/hardened/hardenedxorg.xml"> Using Xorg with Hardened</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml"> +<resource link="/proj/en/hardened/hardened-toolchain.xml"> Hardened Toolchain Technical Description</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml"> +<resource link="/proj/en/hardened/pax-quickstart.xml"> A quickstart covering PaX and Hardened Gentoo</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pax-utils.xml"> +<resource link="/proj/en/hardened/pax-utils.xml"> PaX Utils</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/grsecurity.xml"> +<resource link="/proj/en/hardened/grsecurity.xml"> Grsecurity2 QuickStart Guide</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/capabilities.xml"> +<resource link="/proj/en/hardened/capabilities.xml"> Capabilities Listing</resource> -<resource 
link="http://www.gentoo.org/proj/en/hardened/pic-guide.xml"> +<resource link="/proj/en/hardened/pic-guide.xml"> PIC Intro (beginner)</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pic-internals.xml"> +<resource link="/proj/en/hardened/pic-internals.xml"> PIC Internals (intermediate)</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml"> +<resource link="/proj/en/hardened/pic-fix-guide.xml"> PIC Fixing (advanced)</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml"> +<resource link="/proj/en/hardened/gnu-stack.xml"> GNU Stack Quickstart</resource> <herd name="hardened" /> diff --git a/xml/pie-ssp.xml b/xml/pie-ssp.xml index ceaaa34..9d24c7f 100644 --- a/xml/pie-ssp.xml +++ b/xml/pie-ssp.xml @@ -278,7 +278,7 @@ glibc-based SSP setup for userland in GNU/Linux for Gentoo-Linux at all! <li><uri link="http://fedora.redhat.com">Fedora Homepage</uri></li> <li><uri link="http://www.openbsd.com">OpenBSD Homepage</uri></li> <li><uri link="http://www.nsa.gov/selinux">SElinux Homepage</uri></li> - <li><uri link="http://www.gentoo.org/doc/en/distcc.xml">Gentoo Distcc Documentation</uri></li> + <li><uri link="/doc/en/distcc.xml">Gentoo Distcc Documentation</uri></li> </ul> </body> </section> diff --git a/xml/rsbac/CVS/Entries b/xml/rsbac/CVS/Entries deleted file mode 100644 index 17d2fb8..0000000 --- a/xml/rsbac/CVS/Entries +++ /dev/null @@ -1,6 +0,0 @@ -/index.xml/1.10/Mon Aug 11 01:55:38 2008// -/intro.xml/1.1/Fri Sep 17 23:02:28 2004// -/overview.xml/1.6/Wed Oct 12 08:24:42 2005// -/quickstart.xml/1.11/Tue Jul 4 20:08:05 2006// -/transition.xml/1.1/Wed Feb 15 16:22:08 2006// -D diff --git a/xml/rsbac/CVS/Repository b/xml/rsbac/CVS/Repository deleted file mode 100644 index 1c5b220..0000000 --- a/xml/rsbac/CVS/Repository +++ /dev/null @@ -1 +0,0 @@ -gentoo/xml/htdocs/proj/en/hardened/rsbac diff --git a/xml/rsbac/CVS/Root b/xml/rsbac/CVS/Root deleted file mode 100644 index da304d3..0000000 
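Review bot: The xml/index2.xml hunk adds the entry `<resource link="/proj/en/hardened/hardened-debugging.xml">Hardened Debugging </resource>` twice in a row, so the project page built from it would list the debugging guide twice. The matching hunk in xml/index.xml adds the entry only once. One of the two added entries in index2.xml should be removed.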
--- a/xml/rsbac/CVS/Root
+++ /dev/null
@@ -1 +0,0 @@
-:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot
diff --git a/xml/rsbac/index.xml b/xml/rsbac/index.xml
index 8247dad..1511cca 100644
--- a/xml/rsbac/index.xml
+++ b/xml/rsbac/index.xml
@@ -24,7 +24,7 @@ The required tool for the policies is still being developped. <title>What is RSBAC?</title> <section><body> <p> - <uri link="http://www.rsbac.org/">RSBAC</uri> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <uri link="http://rsbac.org/documentation:different_models">several</uri> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <uri link="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">overview</uri>. + <uri link="http://www.rsbac.org/">RSBAC</uri> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <uri link="http://rsbac.org/documentation:different_models">several</uri> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <uri link="/proj/en/hardened/rsbac/overview.xml">overview</uri>. 
</p> <p> However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution. @@ -48,8 +48,8 @@ The required tool for the policies is still being developped. RSBAC support on desktops. </plannedproject> -<resource link="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">RSBAC Overview</resource> -<resource link="http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml">RSBAC Quickstart</resource> +<resource link="/proj/en/hardened/rsbac/overview.xml">RSBAC Overview</resource> +<resource link="/proj/en/hardened/rsbac/quickstart.xml">RSBAC Quickstart</resource> <extrachapter position="resources"> <title>How Do I Use This?</title> @@ -58,7 +58,7 @@ The required tool for the policies is still being developped. <p> RSBAC can be installed new on a system by following the above install guide for your architecture. If there is not an install guide for your architecuture - yet, it is still possible to install by following the <uri link="http://www.gentoo.org/doc/en/handbook/index.xml">Gentoo Handbook</uri>. + yet, it is still possible to install by following the <uri link="/doc/en/handbook/index.xml">Gentoo Handbook</uri>. When the system is installed, convert it to RSBAC by using the Quickstart Guide. It is suggested that you use the Hardened profile or use "hardened pie" as your USE flags during this installation. diff --git a/xml/rsbac/quickstart.xml b/xml/rsbac/quickstart.xml index 092f1de..14cb499 100644 --- a/xml/rsbac/quickstart.xml +++ b/xml/rsbac/quickstart.xml 
@@ -140,7 +140,7 @@ unless you want to log to remote machine</comment> <note> If you plan to run a X Window server (such as X.org or XFree86), please also enable <c>"[*] X support (normal user MODIFY_PERM access to ST_ioports)"</c>. -Please also see <uri link="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml">Using Xorg on Hardened Gentoo</uri></note> +Please also see <uri link="/proj/en/hardened/hardenedxorg.xml">Using Xorg on Hardened Gentoo</uri></note> <p> We will now configure PaX which is a complement of the RSBAC hardened kernel. It is also recommended that you enable the following options, @@ -298,12 +298,12 @@ parameter at boot time: </p> <chapter> <title>Further information</title> <section> <body> <p> It is also strongly suggested that you subscribe to the <uri -link="http://www.gentoo.org/main/en/lists.xml">gentoo-hardened +link="/main/en/lists.xml">gentoo-hardened mailing-list</uri>. It is generally a low traffic list, and RSBAC announcements for Gentoo will be available there. We also recommend you to subscribe to the <uri link="http://rsbac.org/mailman/listinfo/rsbac/">RSBAC mailing-list</uri>. -Please also check the <uri link="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml">hardened FAQ</uri> as your questions might already be covered in this document. +Please also check the <uri link="/proj/en/hardened/hardenedfaq.xml">hardened FAQ</uri> as your questions might already be covered in this document. </p> <table> <tr> diff --git a/xml/selinux/CVS/Entries b/xml/selinux/CVS/Entries deleted file mode 100644 index e9e6593..0000000 --- a/xml/selinux/CVS/Entries +++ /dev/null 
@@ -1,16 +0,0 @@ -/hb-install.xml/1.5/Fri Jun 25 16:07:19 2010// -/hb-selinux-conv-profile.xml/1.10/Fri Jun 25 16:07:19 2010// -/hb-selinux-conv-reboot1.xml/1.11/Wed Oct 6 15:11:15 2010// -/hb-selinux-conv-reboot2.xml/1.11/Fri Jun 25 16:07:19 2010// -/hb-selinux-faq.xml/1.4/Thu Sep 7 10:37:46 2006// -/hb-selinux-howto.xml/1.6/Tue May 20 15:45:43 2008// -/hb-selinux-initpol.xml/1.6/Tue May 20 15:45:43 2008// -/hb-selinux-libsemanage.xml/1.1/Sun Oct 15 20:32:39 2006// -/hb-selinux-localmod.xml/1.1/Sun Oct 15 20:32:39 2006// -/hb-selinux-loglocal.xml/1.7/Tue May 20 15:45:43 2008// -/hb-selinux-logremote.xml/1.7/Tue May 20 15:45:43 2008// -/hb-selinux-overview.xml/1.10/Fri Jun 25 16:07:19 2010// -/hb-selinux-references.xml/1.5/Fri Jun 25 16:07:19 2010// -/index.xml/1.41/Wed Jul 22 13:38:18 2009// -/selinux-handbook.xml/1.9/Fri Jun 25 16:07:19 2010// -D diff --git a/xml/selinux/CVS/Repository b/xml/selinux/CVS/Repository deleted file mode 100644 index 9f509b3..0000000 --- a/xml/selinux/CVS/Repository +++ /dev/null @@ -1 +0,0 @@ -gentoo/xml/htdocs/proj/en/hardened/selinux diff --git a/xml/selinux/CVS/Root b/xml/selinux/CVS/Root deleted file mode 100644 index da304d3..0000000 --- a/xml/selinux/CVS/Root +++ /dev/null @@ -1 +0,0 @@ -:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot diff --git a/xml/selinux/hb-selinux-conv-reboot1.xml b/xml/selinux/hb-selinux-conv-reboot1.xml index 0027f41..648fd31 100644 --- a/xml/selinux/hb-selinux-conv-reboot1.xml +++ b/xml/selinux/hb-selinux-conv-reboot1.xml @@ -119,7 +119,7 @@ using Btrfs)</comment> </p> <note>It is recommended to configure PaX if you are using harded-sources (also -recommended). More information about Pax can be found in the <uri link="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Hardened Gentoo +recommended). More information about Pax can be found in the <uri link="/proj/en/hardened/pax-quickstart.xml">Hardened Gentoo PaX Quickstart Guide</uri>. </note> 
diff --git a/xml/selinux/hb-selinux-conv-reboot2.xml b/xml/selinux/hb-selinux-conv-reboot2.xml index 03be7e9..906e7e0 100644 --- a/xml/selinux/hb-selinux-conv-reboot2.xml +++ b/xml/selinux/hb-selinux-conv-reboot2.xml @@ -200,7 +200,7 @@ reboot)</p> # <i>rlpkg -a -r</i> </pre> <note> - It is strongly suggested to <uri link="http://www.gentoo.org/main/en/lists.xml">subscribe</uri> + It is strongly suggested to <uri link="/main/en/lists.xml">subscribe</uri> to the gentoo-hardened mail list. It is generally a low traffic list, and SELinux announcements are made there. </note> diff --git a/xml/selinux/index.xml b/xml/selinux/index.xml index 888caf1..b6dd1f0 100644 --- a/xml/selinux/index.xml +++ b/xml/selinux/index.xml @@ -75,7 +75,7 @@ <!-- <resource link="http://selinux.dev.gentoo.org">SELinux Demonstration Machine</resource> --> -<resource link="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</resource> +<resource link="/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</resource> <extrachapter position="resources"> <title>How Do I Use This?</title> |