! during Debian GNU/Linux installation:
	* do *not* choose "targeted modules" installation
	* do not include the mpt package
! packages needed after a fresh install:
	* vim
	* less
	* build-essential
	* libncurses5-dev
	* flex
	* bison
	* libefl-dev
	* sudo

! GCC:
	* (i386) ../gcc-4.5.1/configure --prefix=/opt/gcc --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-languages=c,c++ --with-gnu-as --with-gnu-ld --enable-tls --disable-multilib CFLAGS="-m32 -mtune=core2"

	* (amd64) ../gcc-4.5.1/configure --prefix=/opt/gcc --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-languages=c,c++ --with-gnu-as --with-gnu-ld --enable-tls --disable-multilib CFLAGS="-m64 -mtune=core2"

! kernel:
	* build kguard by adding the appropriate directives in its Makefile:
		(i386)		-m32 & -mtune
		(amd64)		-m64 & -mtune
	* add the following in the Makefile of the kernel:
	KBUILD_CFLAGS	:=
		(simple)	-fplugin=/opt/kguard/kguard.so		\
				-fplugin-arg-kguard-retprot=[1 | 0]
		(extended)	-fplugin=/opt/kguard/kguard.so		\
				-fplugin-arg-kguard-retprot=[1 | 0]	\
				-fplugin-arg-kguard-saddr=do_exit

	* add the following snippet in:
			arch/x86/kernel/acpi/realmode/Makefile
			arch/x86/boot/Makefile
		(amd64) arch/x86/vdso/Makefile

		KBUILD_CFLAGS := $(patsubst -fplugin=/opt/kguard/kguard.so,, $(KBUILD_CFLAGS))
		KBUILD_CFLAGS := $(patsubst -fplugin-arg-kguard-stub=do_exit,, $(KBUILD_CFLAGS))
		KBUILD_CFLAGS := $(patsubst -fplugin-arg-kguard-retprot=1,, $(KBUILD_CFLAGS))

	* add the following snippet in arch/x86/kernel/Makefile (amd64):
		CFLAGS_REMOVE_vsyscall_64.o = -fplugin=/opt/kguard/kguard.so -fplugin-arg-kguard-stub=do_exit -fplugin-arg-kguard-retprot=1

	* make oldconfig
	* make menuconfig
			change the processor to Core 2
		(amd64)	edit arch/x86/include/asm/system.h and add the
			__always_inline directive in rdtsc_barrier()
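	A sanity check for the Makefile edits above, added here as an example and not part of the kGuard project: given a kernel source tree and an architecture it reports which of the listed edits are still missing. The real-mode/boot code and the user-mapped vDSO (and vsyscall_64.o on amd64) must be built without the plugin because they do not execute as ordinary kernel-mode code, so the instrumentation would be wrong there. Plugin path /opt/kguard/kguard.so is taken from the notes; the kernel tree path is an argument.

```shell
#!/bin/sh
# Added check (not part of kGuard): verify a kernel tree carries the
# kGuard Makefile edits from the notes.  Exit status = number of missing edits.
# Usage: kguard_tree_check <kernel-src-dir> <i386|amd64>
PLUGIN='-fplugin=/opt/kguard/kguard.so'

# _has <file> <fixed-string>: true if the file exists and contains the string
_has() { [ -f "$1" ] && grep -qF -- "$2" "$1"; }

kguard_tree_check() {
    src=$1; arch=$2; missing=0
    # top-level Makefile must hand the plugin to every compilation unit
    _has "$src/Makefile" "KBUILD_CFLAGS" && _has "$src/Makefile" "$PLUGIN" \
        || { echo "Makefile: plugin flag not in KBUILD_CFLAGS"; missing=$((missing+1)); }
    # real-mode and boot code is not kernel-mode code: plugin must be stripped
    for m in arch/x86/kernel/acpi/realmode/Makefile arch/x86/boot/Makefile; do
        _has "$src/$m" "patsubst $PLUGIN" \
            || { echo "$m: plugin flag not stripped"; missing=$((missing+1)); }
    done
    if [ "$arch" = amd64 ]; then
        # the vDSO is mapped into user space: strip the plugin there too
        _has "$src/arch/x86/vdso/Makefile" "patsubst $PLUGIN" \
            || { echo "arch/x86/vdso/Makefile: plugin flag not stripped"; missing=$((missing+1)); }
        # vsyscall_64.o is user-visible as well: per-object removal
        _has "$src/arch/x86/kernel/Makefile" "CFLAGS_REMOVE_vsyscall_64.o" \
            || { echo "arch/x86/kernel/Makefile: CFLAGS_REMOVE_vsyscall_64.o missing"; missing=$((missing+1)); }
    fi
    return "$missing"
}
```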

--------------------------------------------------------------------------------

- CVE-2009-2692, sock_sendpage()
	* the proto_ops structure that accompanies each socket in the kernel
	might contain a NULL pointer for an operation that it does not implement.
	http://xorl.wordpress.com/2009/08/18/cve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference/

- CVE-2009-3547, fs/pipe.c
	* if a process attempts to open a pipe while another one releases it,
	and assuming that the release happens first, pipe_read_open(),
	pipe_write_open(), and pipe_rdwr_open() will dereference a NULL data
	pointer (inode->i_pipe). However, by mapping the correct
	struct pipe_inode_info at page zero, the kernel can be made to call a
	function pointer under user control (inode->i_pipe->bufs[1-16].ops->something())
	http://www.uncompiled.com/2009/11/linux-2-6-x-fspipe-c-local-root-exploit-cve-2009-3547/

- CVE-2010-2959, net/can/bcm.c
	* the Controller Area Network (CAN) packet family contains an integer
	overflow vulnerability that allows an attacker to overwrite a
	SLUB-allocated structure. If the overwritten SLUB objects contain function
	pointers, as shmid_kernel does, user-controlled code can be invoked
	http://jon.oberheide.org/blog/2010/09/10/linux-kernel-can-slub-overflow/
	http://xorl.wordpress.com/2010/10/04/cve-2010-2959-linux-kernel-controller-area-network-integer-overflow/

- CVE-2010-3904, rds_page_copy_user()
	* due to a flaw in the handling of iovec structures by the RDS kernel
	module, a userland program could directly read or write at arbitrary
	kernel-memory locations. This allows an attacker to overwrite a kernel
	function pointer within default_security_ops, and have the kernel call
	"commit_creds(prepare_kernel_cred(0));", thereby elevating the
	attacker's privileges to root
	https://esec-lab.sogeti.com/dotclear/index.php?post/2010/10/26/Protecting-against-the-RDS-Linux-local-root-exploit-with-the-grsec-patch
	http://www.vsecurity.com/advisory/20101019-1.txt

- CVE-2010-4258,
	* The do_exit function in kernel/exit.c in the Linux kernel before
	2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which
	allows local users to bypass intended access_ok restrictions, overwrite
	arbitrary kernel memory locations, and gain privileges by leveraging a
	(1) BUG, (2) NULL pointer dereference, or (3) page fault, as
	demonstrated by vectors involving the clear_child_tid feature and the
	splice system call
	http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/

- CAP_SYS_ADMIN,
	* by leveraging a signedness error in the Phonet protocol, a malicious
	process with the CAP_SYS_ADMIN capability can craft a series of fake
	structures in userspace and cause the incrementing of an arbitrary
	kernel address, which it can then leverage to execute arbitrary kernel
	code
