Index: pax-quickstart.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-quickstart.xml,v retrieving revision 1.12 diff -u -r1.12 pax-quickstart.xml --- pax-quickstart.xml 11 Nov 2007 17:08:51 -0000 1.12 +++ pax-quickstart.xml 20 Mar 2009 19:43:06 -0000 @@ -14,6 +14,9 @@ solar + + klondike + A quickstart covering PaX and Hardened Gentoo. @@ -23,8 +26,8 @@ -1.4 -2007-09-11 +1.5 +2009-14-03 What is Hardened Gentoo? @@ -48,20 +51,43 @@

-PaX is a patch to the Linux kernel that provides hardening in two ways. +PaX is a patch to the Linux kernel that provides hardening in three ways (four on +x86 32-bit machines).

The first, ASLR (Address Space Layout Randomization) provides a means to randomize the addressing scheme of all data loaded into memory. When an application is built as a PIE (Position Independent Executable), PaX is -able to also randomize the addresses of the application base in addition. +able to also randomize the addresses of the application base and kernel in addition. +ASLR prevents some exploits which rely on the knowledge of the address of the data +to be exploited.

The second protection provided by PaX is non-executable memory. This prevents a common form of attack where executable code is inserted into memory by an -attacker. More information on PaX can be found throughout this guide, but the +attacker. +

+ +

+The third, free memory sanitization, erases RAM memory pages when they are freed in +order to avoid sensible data to stay in memory for a long time. +

+ + +The free memory sanitization doesn't sanitizes swap pages so if the data is on swap it +will stay there for a long time before it is overwriten. + + +

+The fourth, which is only avaiable on 32 bit x86 builds, invalid userland pointer derefrence +prevention, adds a few checks to the kernel so it doesn't dereference userland (this is non-kernel) +addreses when it is expected to only dereference kernel addresses. +

+ +

+More information on PaX can be found throughout this guide, but the homepage can be found at http://pax.grsecurity.net.

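Review bot: The added "application base and kernel" wording in the ASLR paragraph ties kernel randomization to PIE builds, but PIE only affects the userland executable base; the only kernel-side option the config excerpt later in this patch offers is "Randomize kernel stack base", so state that separately rather than under the PIE sentence. The other new lines also need a spelling pass before they go in: "sensible data" should be "sensitive data", "doesn't sanitizes" should be "doesn't sanitize", and "overwriten", "avaiable", "derefrence" and "addreses" are misspelled; "(this is non-kernel)" reads better as "(that is, non-kernel)".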
@@ -84,7 +110,7 @@ SSP (Stack Smashing Protector) is a second complementary technology we introduce at executable build time. SSP was originally introduced by IBM under the name ProPolice. It modifies the C compiler to insert initialization -code into functions that create a buffer in memory. +code into functions that create a buffer in memory.

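Review bot: This hunk changes only trailing whitespace on the line "code into functions that create a buffer in memory." (the removed and added lines are otherwise identical); drop it to keep the diff minimal and avoid churn in the SSP section.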
@@ -134,31 +160,36 @@

+PaX  --->
 [*] Enable various PaX features
 
-PaX Control ->
+PaX Control --->
 
  [ ] Support soft mode
- [*] Use legacy ELF header marking
+ [ ] Use legacy ELF header marking
  [*] Use ELF program header marking
      MAC system integration (none)  --->
 
-Non-executable page ->
+Non-executable page --->
 
  [*] Enforce non-executable pages
  [*]   Paging based non-executable pages
  [*]   Segmentation based non-executable pages
  [*] Emulate trampolines
  [*] Restrict mprotect()
- [ ]   Disallow ELF text relocations
+ [*]   Disallow ELF text relocations
+ [*] Enforce non-executable kernel pages
 
-Address Space Layout Randomization ->
+Address Space Layout Randomization --->
 
  [*] Address Space Layout Randomization
  [*]   Randomize kernel stack base
  [*]   Randomize user stack base
  [*]   Randomize mmap() base
- [*]     Randomize ET_EXEC base
+Miscellaneous hardening features  --->
+  [*] Sanitize all freed memory
+  [*] Prevent invalid userland pointer dereference
+  [*] Prevent various kernel object reference counter overflows
 

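Review bot: The "Randomize ET_EXEC base" entry is removed without any replacement or explanation; if the option no longer exists in the PaX menu, the guide text should say so (readers of the previous revision will look for it), otherwise keep the line. Two smaller points in the same hunk: the new "Miscellaneous hardening features  --->" submenu is inserted with no blank line before it, while every other submenu in this excerpt is separated by one; and flipping "Use legacy ELF header marking" from [*] to [ ] while keeping "Use ELF program header marking" means only PT_PAX_FLAGS marks are honoured, which the paxctl section of the guide should reflect.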
@@ -220,15 +251,15 @@

-The most notable of these applications are XFree/Xorg, mplayer and multimedia tools -based on xine-lib. The easiest way around these problems are to disable PaX +The most notable of these applications are XFree/Xorg, firefox, mplayer and multimedia +tools based on xine-lib. The easiest way around these problems are to disable PaX protections.

Luckily there is a utility to toggle protections on a per-executable basis, paxctl. As with any other package in Gentoo, install paxctl with the -command emerge paxctl. Usage is show by paxctl -h. +command emerge paxctl. Usage is shown by paxctl -h.

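Review bot: Since the sentence is being touched anyway, fix the agreement error it carries: "The easiest way around these problems are to disable PaX protections" should read "The easiest way around these problems is to disable PaX protections". Adding firefox to the list is fine; consider noting that the protections are disabled per executable with paxctl rather than globally, which is what the next paragraph goes on to describe.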
@@ -251,6 +282,8 @@ -v: view flags -z: restore default flags -q: suppress error messages -Q: report flags in short format flags + -c: convert PT_GNU_STACK into PT_PAX_FLAGS (see manpage!) + -C: create PT_PAX_FLAGS (see manpage!)
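Review bot: The two new paxctl options are listed with "(see manpage!)" but the guide never says when a binary needs them. Because the config hunk in this same patch turns off "Use legacy ELF header marking" and keeps only "Use ELF program header marking", paxctl can only set flags on executables that already carry a PT_PAX_FLAGS program header, so a sentence explaining that -c converts an existing PT_GNU_STACK header into PT_PAX_FLAGS and -C creates a PT_PAX_FLAGS header should accompany the usage listing.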
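Review bot: In the version hunk near the top of the patch, the new date "+2009-14-03" is not a valid date: the field uses YYYY-MM-DD (the previous value was 2007-09-11) and month 14 does not exist. Given the diff timestamp of 20 Mar 2009, it should presumably read 2009-03-20 (or 2009-03-14 if that was the intended day).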