summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--documentation/ref-manual/migration.xml7
-rw-r--r--documentation/ref-manual/ref-variables.xml26
2 files changed, 29 insertions, 4 deletions
diff --git a/documentation/ref-manual/migration.xml b/documentation/ref-manual/migration.xml
index 91eabf807b..5dea5ad960 100644
--- a/documentation/ref-manual/migration.xml
+++ b/documentation/ref-manual/migration.xml
@@ -5182,9 +5182,10 @@ id=f4d4f99cfbc2396e49c1613a7d237b9e57f06f81'>commit message</ulink>.
5182 </para></listitem> 5182 </para></listitem>
5183 <listitem><para> 5183 <listitem><para>
5184 By default, the <filename>security_flags.inc</filename> file 5184 By default, the <filename>security_flags.inc</filename> file
5185 sets a <filename>GCCPIE</filename> variable with an option 5185 sets a
5186 to enable Position Independent Executables (PIE) within 5186 <link linkend='var-GCCPIE'><filename>GCCPIE</filename></link>
5187 <filename>gcc</filename>. 5187 variable with an option to enable Position Independent
5188 Executables (PIE) within <filename>gcc</filename>.
5188 Enabling PIE in the GNU C Compiler (GCC), makes Return 5189 Enabling PIE in the GNU C Compiler (GCC), makes Return
5189 Oriented Programming (ROP) attacks much more difficult to 5190 Oriented Programming (ROP) attacks much more difficult to
5190 execute. 5191 execute.
diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml
index a79fc2ec87..631759d372 100644
--- a/documentation/ref-manual/ref-variables.xml
+++ b/documentation/ref-manual/ref-variables.xml
@@ -22,7 +22,7 @@
22 <link linkend='var-D'>D</link> 22 <link linkend='var-D'>D</link>
23 <link linkend='var-EFI_PROVIDER'>E</link> 23 <link linkend='var-EFI_PROVIDER'>E</link>
24 <link linkend='var-FEATURE_PACKAGES'>F</link> 24 <link linkend='var-FEATURE_PACKAGES'>F</link>
25 <link linkend='var-GDB'>G</link> 25 <link linkend='var-GCCPIE'>G</link>
26 <link linkend='var-HOMEPAGE'>H</link> 26 <link linkend='var-HOMEPAGE'>H</link>
27 <link linkend='var-ICECC_DISABLED'>I</link> 27 <link linkend='var-ICECC_DISABLED'>I</link>
28<!-- <link linkend='var-glossary-j'>J</link> --> 28<!-- <link linkend='var-glossary-j'>J</link> -->
@@ -5030,6 +5030,30 @@
5030 5030
5031 <glossdiv id='var-glossary-g'><title>G</title> 5031 <glossdiv id='var-glossary-g'><title>G</title>
5032 5032
5033 <glossentry id='var-GCCPIE'><glossterm>GCCPIE</glossterm>
5034 <info>
5035 GCCPIE[doc] = "Enables Position Independent Executables (PIE) within the GNU C Compiler (GCC)."
5036 </info>
5037 <glossdef>
5038 <para role="glossdeffirst">
5039<!-- <para role="glossdeffirst"><imagedata fileref="figures/define-generic.png" /> -->
5040 Enables Position Independent Executables (PIE) within the
5041 GNU C Compiler (GCC).
5042 Enabling PIE in the GCC makes Return Oriented Programming
5043 (ROP) attacks much more difficult to
5044 execute.
5045 </para>
5046
5047 <para>
5048 By default the <filename>security_flags.inc</filename>
5049 file enables PIE by setting the variable as follows:
5050 <literallayout class='monospaced'>
5051 GCCPIE ?= "--enable-default-pie"
5052 </literallayout>
5053 </para>
5054 </glossdef>
5055 </glossentry>
5056
5033 <glossentry id='var-GDB'><glossterm>GDB</glossterm> 5057 <glossentry id='var-GDB'><glossterm>GDB</glossterm>
5034 <info> 5058 <info>
5035 GDB[doc] = "The minimal command and arguments to run the GNU Debugger." 5059 GDB[doc] = "The minimal command and arguments to run the GNU Debugger."