From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <gentoo-commits+bounces-545176-garchives=archives.gentoo.org@lists.gentoo.org> Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 75D30138424 for <garchives@archives.gentoo.org>; Sat, 12 Jan 2013 13:19:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 917F821C044; Sat, 12 Jan 2013 13:18:54 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1B0F821C044 for <gentoo-commits@lists.gentoo.org>; Sat, 12 Jan 2013 13:18:54 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 3643733D98B for <gentoo-commits@lists.gentoo.org>; Sat, 12 Jan 2013 13:18:53 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id AB7B8E4073 for <gentoo-commits@lists.gentoo.org>; Sat, 12 Jan 2013 13:18:50 +0000 (UTC) From: "Magnus Granberg" <zorry@gentoo.org> To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Magnus Granberg" <zorry@gentoo.org> Message-ID: <1358000318.1782f8ce0113f44ac5f1710b527327e3a4def915.zorry@gentoo> Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/ X-VCS-Repository: proj/hardened-docs X-VCS-Files: xml/hardenedfaq.xml X-VCS-Directories: xml/ X-VCS-Committer: zorry X-VCS-Committer-Name: Magnus Granberg X-VCS-Revision: 1782f8ce0113f44ac5f1710b527327e3a4def915 X-VCS-Branch: master Date: Sat, 12 Jan 2013 13:18:50 +0000 (UTC) Precedence: bulk List-Post: <mailto:gentoo-commits@lists.gentoo.org> List-Help: <mailto:gentoo-commits+help@lists.gentoo.org> List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org> List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org> List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org> X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 344ad465-2391-430e-ba81-c7d7672d4cb5 X-Archives-Hash: 1f9e464a3f8d012aa6193c2bc24f43a4 commit: 1782f8ce0113f44ac5f1710b527327e3a4def915 Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> AuthorDate: Sat Jan 12 14:18:38 2013 +0000 Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> CommitDate: Sat Jan 12 14:18:38 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=1782f8ce Add orc use flag to the faq --- xml/hardenedfaq.xml | 9 +++++---- 1 files changed, 5 insertions(+), 4 deletions(-) diff --git a/xml/hardenedfaq.xml b/xml/hardenedfaq.xml index 9be1ffb..73760e3 100644 --- a/xml/hardenedfaq.xml +++ b/xml/hardenedfaq.xml @@ -339,7 +339,7 @@ there should fix your problem. </section> <section id="jitflag"> -<title>Why is the jit flag disabled in the hardened profile?</title> +<title>Why is the jit and orc flag disabled in the hardened profile?</title> <body> <p> @@ -349,7 +349,8 @@ binary code in memory and then executing the compiled code. This means that the program need a section of memory which has write and execution permissions to write and then execute the code which is denied by PaX, unless the mprotect flag is unset for the executable. As a result, we disabled the JIT use flag by -default to avoid complaints and security problems. +default to avoid complaints and security problems. ORC use Just In Time +Compilation (jit). </p> <p> @@ -362,7 +363,7 @@ execute any code it wants to. </section> <section id="enablejit"> -<title>How do I enable the jit flag?</title> +<title>How do I enable the jit or orc flag?</title> <body> <p> @@ -399,7 +400,7 @@ SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" </pre> <impo> -Remember that if you enable JIT code on PaX you may need to disable mprotect on +Remember that if you enable JIT or ORC code on PaX you may need to disable mprotect on the binaries using such code, either by them selves or through libraries. Check the <uri link="#paxjavajit">PaX question on Java and JIT to see how to do this </uri>