Now the HTML generation will point to this tree which is cool :D

37 files changed, 794 insertions, 116 deletions

diff --git a/dopreview.sh b/dopreview.sh
index 7ca3232..6150e29 100755
--- a/dopreview.sh
+++ b/dopreview.sh
@@ -15,15 +15,25 @@ if [ -z "$(whereis -b gorg | cut -d: -f2)" ];
   exit 1;
 fi
 
-for FILE in `find xml/ -iname '*.xml'`;
+rm -r html/
+for FILE in `find xml/ -type f`;
 do
-  output=${FILE%.xml}.html
-  output=html/${output#xml/}
+  output=html/${FILE#xml/}
   mkdir -p `dirname $output`
-  gorg < $FILE | \
-       sed -e 's|"/css/main.css"|"http://www.gentoo.org/css/main.css"|g' \
-           -e 's|"../../../|"http://www.gentoo.org/|g' \
-           -e 's|"/images/|"http://www.gentoo.org/images/|g' \
-           -e 's|"/|"http://www.gentoo.org/|g' | \
-       tr -d "\302" | tr -d "\240" > $output;
+  case $FILE in
+    *.xml)
+      output=${output%.xml}.html
+      gorg < $FILE | \
+           sed -e 's|"/css/main.css"|"http://www.gentoo.org/css/main.css"|g' \
+               -e 's|"../../../|"http://www.gentoo.org/|g' \
+               -e 's|"/images/|"http://www.gentoo.org/images/|g' \
+               -e 's|"/|"http://www.gentoo.org/|g' \
+               -e 's|"http://www.gentoo.org/proj/en/hardened/\([^"]*\).xml"|"\1.html"|g' \
+               -e 's|"http://www.gentoo.org/proj/en/hardened/\([^"]*\)"|"\1"|g' | \
+           tr -d "\302" | tr -d "\240" > $output;
+      ;;
+    *)
+      cp $FILE $output
+      ;;
+  esac
 done
diff --git a/html/capabilities.html b/html/capabilities.html
index 4bf9719..228f38a 100644
--- a/html/capabilities.html
+++ b/html/capabilities.html
@@ -400,7 +400,7 @@
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/capabilities.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="capabilities.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated January 22, 2005</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 POSIX capabilities are a partitioning of the all powerful root privilege into a
diff --git a/html/docs/CVS/Entries b/html/docs/CVS/Entries
new file mode 100644
index 0000000..dd0e57a
--- /dev/null
+++ b/html/docs/CVS/Entries
@@ -0,0 +1,5 @@
+/devel-chroots-intro.xml/1.1/Tue Dec 19 08:42:53 2006//
+/glossary.xml/1.2/Wed Sep 15 12:04:35 2004//
+/index.xml/1.3/Fri Mar 16 10:40:45 2007//
+/pax-howto.xml/1.2/Fri Sep 24 10:49:00 2004//
+D
diff --git a/html/docs/CVS/Repository b/html/docs/CVS/Repository
new file mode 100644
index 0000000..1f0d30e
--- /dev/null
+++ b/html/docs/CVS/Repository
@@ -0,0 +1 @@
+gentoo/xml/htdocs/proj/en/hardened/docs
diff --git a/html/docs/CVS/Root b/html/docs/CVS/Root
new file mode 100644
index 0000000..da304d3
--- /dev/null
+++ b/html/docs/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot
diff --git a/html/docs/devel-chroots-intro.html b/html/docs/devel-chroots-intro.html
index 6153d11..c446eb1 100644
--- a/html/docs/devel-chroots-intro.html
+++ b/html/docs/devel-chroots-intro.html
@@ -439,7 +439,7 @@ of scripts and users for having their work done!
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/devel-chroots-intro.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="devel-chroots-intro.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated December 6, 2006</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 This guide covers the installation, configuration and set up
diff --git a/html/docs/glossary.html b/html/docs/glossary.html
index b1d56b9..b7197e1 100644
--- a/html/docs/glossary.html
+++ b/html/docs/glossary.html
@@ -140,7 +140,7 @@ rules so that lml can monitor other projects like SELinux.
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/docs/glossary.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/glossary.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated August 07, 2004</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 This document introduces the Gentoo Hardened project and covers
diff --git a/html/docs/pax-howto.html b/html/docs/pax-howto.html
index 3bfc2c1..e630d5c 100644
--- a/html/docs/pax-howto.html
+++ b/html/docs/pax-howto.html
@@ -246,7 +246,7 @@ to run.
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/pax-howto.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated August 07, 2004</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 A quickstart covering PaX and Hardened Gentoo.
diff --git a/html/etdyn.html b/html/etdyn.html
index 64c8b3c..672ec23 100644
--- a/html/etdyn.html
+++ b/html/etdyn.html
@@ -179,7 +179,7 @@ GNU/Linux 2.0.0, dynamically linked (uses shared libs), stripped
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/etdyn.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="etdyn.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated 5 Aug 2003</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 This guide contains documentation and examples on how to create dynamic ELF executables.
diff --git a/html/gnu-stack.html b/html/gnu-stack.html
index 7f2b227..7ba1255 100644
--- a/html/gnu-stack.html
+++ b/html/gnu-stack.html
@@ -98,8 +98,8 @@ GNU-stack note to the source to indicate an executable stack is not necessary.
             </span>Finding ELFs that ask for an executable stack</p>
 <p>
 Before you can start fixing something, you have to make sure it's broken first, 
-right?  For this reason, we've developed a suite of tools named <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities</a>.  If you are not 
-familiar with these utilities, you should read the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities Guide</a> now.  Gentoo users 
+right?  For this reason, we've developed a suite of tools named <a href="pax-utils.html">PaX Utilities</a>.  If you are not 
+familiar with these utilities, you should read the <a href="pax-utils.html">PaX Utilities Guide</a> now.  Gentoo users 
 can simply do <span class="code" dir="ltr">emerge pax-utils</span>.  Non-Gentoo users should be able to 
 find a copy of the source tarball in the <span class="path" dir="ltr">distfiles</span> on a <a href="http://www.gentoo.org/main/en/mirrors.xml">Gentoo Mirror</a>.  Once you have the PaX 
 Utilities setup on your system, we can start playing around with 
@@ -396,7 +396,7 @@ If no one can seem to answer your question, give me a poke either on irc
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="gnu-stack.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated September 29, 2010</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Handbook for proper GNU Stack management in ELF systems</p></td></tr>
 <tr><td align="left" class="topsep"><p class="alttext">
diff --git a/html/grsecurity.html b/html/grsecurity.html
index 65dffff..b13c3f6 100644
--- a/html/grsecurity.html
+++ b/html/grsecurity.html
@@ -749,7 +749,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>.
 
   </li>
   <li>
-    <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml">
+    <a href="capabilities.html">
     Capability Names and Descriptions</a>
   </li>
   <li>
@@ -758,7 +758,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>.
   </li>
 
   <li>
-    <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Using PaX with 
+    <a href="pax-quickstart.html">Using PaX with 
     Gentoo QuickStart</a> (NEW)
   </li>
   <li>
@@ -780,7 +780,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>.
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="grsecurity.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated January 5, 2010</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 This document features the grsecurity 2.x security patches, supported kernel
diff --git a/html/hardened-debugging.html b/html/hardened-debugging.html
new file mode 100644
index 0000000..bc8309e
--- /dev/null
+++ b/html/hardened-debugging.html
@@ -0,0 +1,215 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
+<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
+<title>Gentoo Linux Documentation
+--
+  Gentoo Hardened debugging</title>
+</head>
+<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
+<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
+<td width="99%" class="content" valign="top" align="left">
+<br><h1>Gentoo Hardened debugging</h1>
+<form name="contents" action="http://www.gentoo.org">
+<b>Content</b>:
+        <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Solving the '??' issue.</option>
+<option value="#doc_chap2">2. Using breakpoints</option>
+<option value="#doc_chap3">3. Restoring the file after debugging</option></select>
+</form>
+<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
+            </span>Solving the '??' issue.</p>
+<p>
+When debugging you'll probably have found that <span class="code" dir="ltr">GDB</span> may not show the
+addresses showing instead a stream of lines with <span class="emphasis">'??'</span> where the symbol
+should be. This can be caused by two different things.
+</p>
+<p>
+The first cause is that your <span class="code" dir="ltr">GDB</span> version is too old and is unable to
+realize that the addresses are relative. This should be fixed in the current
+stable versions of <span class="code" dir="ltr">GDB</span> so you should try to upgrade it. Other workaround
+is applying solution 3.
+</p>
+<p>
+The second reason is that your hardened kernel may be hidding the mappings. This
+is a known problem and <a href="http://forums.grsecurity.net/viewtopic.php?f=1&amp;t=2467">has been
+fixed upstream</a> so it will be fixed on further releases of
+<span class="code" dir="ltr">hardened-sources</span>. Anyway, until the fix reaches the tree and is
+stabilized, you can apply any of the solutions.
+</p>
+<p class="secthead"><a name="doc_chap1_sect2">Solution 1: Disabling RANDMMAP on the binary</a></p>
+<p>
+One solution is disabling the RANDMMAP feature with <span class="code" dir="ltr">paxctl</span> for that
+particular binary. Doing this will make Grsec disable the mapping protection for
+that binary as it makes no sense protecting it then. This means a more secure
+environment but also getting away from the way the binary would be executed on
+the real environment.
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Disabling RANDMMAP with paxctl.</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">paxctl -r binary</span>
+</pre></td></tr>
+</table>
+<p class="secthead"><a name="doc_chap1_sect3">Solution 2: Disabling the option to hide mappings</a></p>
+<p>
+Other fix is disabling the option that hides the addresses on the PaX protected
+executables to avoid attacks based on that information. This option may make
+the things easier for an attacker until it is enabled again although also means
+that the environment will be the most similar possible to the real execution
+environment.
+</p>
+<a name="doc_chap1_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.2: Disabling the mapping hiding.</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+Address Space Protection ---&gt;
+ [ ] Remove addresses from /proc/&lt;pid&gt;/[smaps|maps|stat]
+</pre></td></tr>
+</table>
+<p class="secthead"><a name="doc_chap1_sect4">Solution 3: Linking a non PIE binary</a></p>
+<p>
+A last solution is disabling the last pie linking stage while compiling using
+<span class="code" dir="ltr">-nopie</span>. All previous compilation can still use <span class="code" dir="ltr">-fPIE</span> as normal
+(which is also the default with the hardened compiler) so that your executable
+is as close as possible to the real thing as long as the final link must create
+a regular executable.
+<br>
+Try adding <span class="code" dir="ltr">-nopie</span> to LDFLAGS if you're building with emerge.
+</p>
+<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
+            </span>Using breakpoints</p>
+<p>
+You may find that PaX may prevent <span class="code" dir="ltr">GDB</span> from setting software breakpoints,
+depending on how the kernel is configured. This includes the breakpoint at main
+which you need to get started. There are two workarounds with different
+effects and constraints to to solve this.
+</p>
+<p class="secthead"><a name="doc_chap2_sect2">Solution 1: Removing the RANDEXEC and MPROTECT flags</a></p>
+<p>
+The first solution is making PaX disable the RANDEXEC and MPROTECT features
+for the binary to be debugged. To do this you have to set with <span class="code" dir="ltr">paxctl</span> the
+<span class="code" dir="ltr">m</span> and <span class="code" dir="ltr">x</span> flags on the executable. The <span class="code" dir="ltr">x</span> flag is set by
+default, so it should suffice to do:
+</p>
+<a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: Disabling MPROTECT</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">/sbin/paxctl -m binary</span>
+</pre></td></tr>
+</table>
+<p>
+After that <span class="code" dir="ltr">GDB</span> should be able to add software breakpoints on the binary,
+if it still can't try disabling the SEGMEXEC and PAGEEXEC features (flags
+<span class="code" dir="ltr">s</span> and <span class="code" dir="ltr">p</span> respectively).
+</p>
+<a name="doc_chap2_pre2"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.2: Disabling SEGMEXEC and PAGEEXEC</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">/sbin/paxctl -ps binary</span>
+</pre></td></tr>
+</table>
+<p>
+Below we'll expose what's happening on a lower level when you add a software
+breakpoint, and why PaX disallows this. You need to know a bit about how
+processors work in order to understand it. This is not needed to solve your
+problem so feel free to ignore it.
+</p>
+<p>
+When the debugger adds a soft breakpoint it changes the instruction on the
+executable memory image so it is a breakpoint instruction (on x86 and amd64
+they are the <span class="code" dir="ltr">bp</span> and <span class="code" dir="ltr">bu</span> instructions). This instruction halts the
+processor and gives the control back to the debugger and has the advantage
+that it can be set in an unlimited number of points on the program. As PaX
+disallows writes in executable memory for security reasons it is impossible for
+the debugger to modify the code and add the breakpoint.
+</p>
+<p class="secthead"><a name="doc_chap2_sect3">Solution 2: Using hardware breakpoints</a></p>
+<p>
+Another solution is using hardware breakpoints, they don't require any changes
+on PaX behavior, but they are usually limited (for example to a maximum of 4 on
+x86 and amd64 including address watchpoints) and also have the problem that they
+require the program to be already running in order to be added (although there
+is some WIP to fix this in <span class="code" dir="ltr">GDB</span>).
+</p>
+<p>
+To use them just use the <span class="code" dir="ltr">hbreak</span> instead of the <span class="code" dir="ltr">break</span> command.
+</p>
+<p>
+Below we'll expose what's happening on a lower level when you add a hardware
+breakpoint. You need to know a bit about how processors work in order to
+understand it. This is not needed to solve your problem so feel free to ignore
+it.
+</p>
+<p>
+When the debugger adds a hardware breakpoint it changes some of the
+processor registers (on x86 and amd64 they are the Dr registers) so the
+processor halts when a certain address is accessed (either for reading, writing
+or execution). As a result this implies that no data has to be written in
+memory solving the soft breakpoints problem, but also limits the number of
+available breakpoints.
+</p>
+<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
+            </span>Restoring the file after debugging</p>
+<p>
+After debugging you may want to restore the system to its normal state, if you
+used <span class="code" dir="ltr">paxctl</span> you can reset the flags to default using the <span class="code" dir="ltr">-z</span> flag.
+</p>
+<a name="doc_chap3_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing3.1: Reseting the flags back to its defaults.</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+# <span class="code-input">paxctl -z binary</span>
+</pre></td></tr>
+</table>
+<br><p class="copyright">
+    The contents of this document are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">Creative Commons -
+    Attribution / Share Alike</a> license.
+  </p>
+<!--
+  <rdf:RDF xmlns="http://web.resource.org/cc/"
+      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+  <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
+     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
+     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
+     <requires rdf:resource="http://web.resource.org/cc/Notice" />
+     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
+     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
+  </License>
+  </rdf:RDF>
+--><br>
+</td>
+<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated October 26, 2010</p></td></tr>
+<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
+In this document we study the ways to do proper binary debugging when using a
+hardened kernel and toolcahin with PaX/Grsec, PIE and SSP.
+</p></td></tr>
+<tr><td align="left" class="topsep"><p class="alttext">
+  <a href="mailto:klondike@xiscosoft.es" class="altlink"><b>klondike</b></a>
+<br><i>Author</i><br><br>
+  
+  Hugo Mildenberger
+<br><i>Contributor</i><br></p></td></tr>
+<tr lang="en"><td align="center" class="topsep">
+<p class="alttext"><b>Donate</b> to support our development efforts.
+        </p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
+</form>
+</td></tr>
+<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
+</table></td>
+</tr></table></td></tr>
+<tr><td colspan="2" align="right" class="infohead">
+Copyright 2001-2010 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
+</td></tr>
+</table></body>
+</html>
diff --git a/html/hardened-toolchain.html b/html/hardened-toolchain.html
index 2079abf..f3090c7 100644
--- a/html/hardened-toolchain.html
+++ b/html/hardened-toolchain.html
@@ -50,7 +50,7 @@ Normally the compiler must be explicitly directed to switch on the stack protect
 </p>
 <p class="secthead"><a name="PIEintro"></a><a name="doc_chap1_sect4">Automatic generation of Position Independent Executables (PIEs)</a></p>
 <p>
-Standard executables have a fixed base address, and they must be loaded to this address otherwise they will not execute correctly. Position Independent Executables can be loaded anywhere in memory much like shared libraries, allowing <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">PaX</a>'s Address Space Layout Randomisation (ASLR) to take effect.  This is achieved by building the code to be position-independent, and linking them as ELF shared objects.
+Standard executables have a fixed base address, and they must be loaded to this address otherwise they will not execute correctly. Position Independent Executables can be loaded anywhere in memory much like shared libraries, allowing <a href="pax-quickstart.html">PaX</a>'s Address Space Layout Randomisation (ASLR) to take effect.  This is achieved by building the code to be position-independent, and linking them as ELF shared objects.
 </p>
 <p>
 In 2003 Hardened Gentoo introduced an approach referred to as '-y etdyn' which consisted of building all code with -fPIC, and modifying the link stage to provide an ET_DYN executable using a modified PIC version of crt1.o, and setting the interp header to cause the executable to be loaded by the loader from glibc.  ET_DYN versions of the crt1.o object were created for x86, parisc, ppc and sparc.
@@ -200,7 +200,7 @@ filter-flags -fPIE
 However if an ebuild creates both executables and libraries then more detailed modifications need to be made, to add the -fno-PIE to the compilation of objects destined for the libraries.  Where an object is used for both a shared library and an executable, it is necessary to modify the build process significantly in order to obtain two objects, one built -fPIC and one built -fPIE for linking to the library and the executable respectively. Most packages that provide both a shared library and a static archive do so by using libtool which does the right thing automatically.  Both of these approaches can be taken unconditionally; i.e. it is not necessary to make such changes conditional on the presence of the hardened compiler.
 </p>
 <p>
-Occasionally application code will fail to compile with -fPIE.  If this happens it is usually down to non-position-independent assembler code, and is most prevelant on X86 which has a limited general purpose register set.  However this is rare in application code as normally application authors push most of their code into shared libraries, although it does happen.  Most position-independent build problems occur in shared libraries which are not built position-independent - this is a problem regardless of Hardened, and is nothing to do with PIE; it is just that the issue is highlighted by the hardened compiler due to the automatic enabling of -fPIE when -fPIC is not specified as described above.  See the <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">PIC fixing guide</a> for information on how to fix this sort of problem.
+Occasionally application code will fail to compile with -fPIE.  If this happens it is usually down to non-position-independent assembler code, and is most prevelant on X86 which has a limited general purpose register set.  However this is rare in application code as normally application authors push most of their code into shared libraries, although it does happen.  Most position-independent build problems occur in shared libraries which are not built position-independent - this is a problem regardless of Hardened, and is nothing to do with PIE; it is just that the issue is highlighted by the hardened compiler due to the automatic enabling of -fPIE when -fPIC is not specified as described above.  See the <a href="pic-fix-guide.html">PIC fixing guide</a> for information on how to fix this sort of problem.
 </p>
 <p>
 Some applications have been reported to segfault when built as PIEs.  Exactly why this occurs is unclear, but it is likely due to a compiler bug so later compiler versions may resolve such problems.
@@ -300,9 +300,9 @@ The following packages have issues with BIND_NOW at the time of writing, and it
             </span>References</p>
 <p class="secthead"><a name="gentoorefs"></a><a name="doc_chap6_sect1">Other Gentoo Documentation</a></p>
 <ul>
-<li><a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">PaX QuickStart</a></li>
-<li><a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml">Introduction to Position-Independent Code (PIC)</a></li>
-<li><a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">Guide to fixing non-PIC shared libraries</a></li>
+<li><a href="pax-quickstart.html">PaX QuickStart</a></li>
+<li><a href="pic-guide.html">Introduction to Position-Independent Code (PIC)</a></li>
+<li><a href="pic-fix-guide.html">Guide to fixing non-PIC shared libraries</a></li>
 </ul>
 <p class="secthead"><a name="externalrefs"></a><a name="doc_chap6_sect2">External Documentation</a></p>
 <ul>
@@ -328,7 +328,7 @@ The following packages have issues with BIND_NOW at the time of writing, and it
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-toolchain.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated August 31, 2006</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 Technical description of, and rationale for, the Gentoo Hardened Toolchain modifications.
diff --git a/html/hardened-virtualization.html b/html/hardened-virtualization.html
index d99ed3e..4d2fa68 100644
--- a/html/hardened-virtualization.html
+++ b/html/hardened-virtualization.html
@@ -120,7 +120,7 @@ KVM related resources:
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardened-virtualization.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-virtualization.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated October 31, 2010</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 Virtualization is a key component in current IT infrastructure. Although
diff --git a/html/hardenedfaq.html b/html/hardenedfaq.html
index 4ce39fd..63a0f8f 100644
--- a/html/hardenedfaq.html
+++ b/html/hardenedfaq.html
@@ -255,39 +255,9 @@ oolchain so that you have a consistent base:
 </table>
 <p class="secthead"><a name="hardeneddebug"></a><a name="doc_chap2_sect9">How do I debug with gdb?</a></p>
 <p>
-First gotcha is that GDB can't resolve symbols in PIEs; it doesn't realise that
-the addresses are relative in PIEs not absolute. This shows up when you try to
-get a backtrace for example, and see a stream of lines with <span class="emphasis">'??'</span> where
-the symbol should be.
-</p>
-<p>
-To get around this, do the final link stage with <span class="code" dir="ltr">-nopie</span> - all the
-preceding object compilations can still be with <span class="code" dir="ltr">-fPIE</span> as normal (i.e. the
-default with the hardened compiler) so that your executable is as close as
-possible to the real thing, but the final link must create a regular executable.
-Try adding <span class="code" dir="ltr">-nopie</span> to LDFLAGS if you're building with emerge.
-</p>
-<p>
-Another way of accomplishing this, it to emerge <span class="code" dir="ltr">&gt;=sys-devel/gdb-7.1</span>,
-which contains a special patch that makes it able to debug executables linked
-with <span class="code" dir="ltr">-pie</span>.
-</p>
-<p>
-The second gotcha is that PaX may prevent GDB from setting breakpoints,
-depending on how the kernel is configured. This includes the breakpoint at main
-which you need to get started. To stop PaX doing this, the executable being
-debugged needs the <span class="code" dir="ltr">m</span> and <span class="code" dir="ltr">x</span> flags. The <span class="code" dir="ltr">x</span> flag is set by
-default, so it is enough to do:
-</p>
-<a name="doc_chap2_pre5"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.5: Relax PaX for debug</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# <span class="code-input">/sbin/paxctl -m foo</span>
-</pre></td></tr>
-</table>
-<p>
-At this point, you should be good to go! Fire up gdb in the usual way.  Good
-luck!
+We have written a <a href="hardened-debugging.html">document
+on how to debug with Gentoo Hardened</a>, so following the recommedations
+there should fix your problem.
 </p>
 <p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
             </span>PaX Questions</p>
@@ -299,7 +269,7 @@ The homepage for PaX is located at <a href="http://pax.grsecurity.net">http://pa
 <p>
 Currently the only Gentoo documentation that exists about PaX is a PaX
 quickstart guide located at the
-<a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</a> website.
+<a href="pax-quickstart.html">http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml</a> website.
 </p>
 <p class="secthead"><a name="paxnoelf"></a><a name="doc_chap3_sect3">I keep getting the message: "error while loading shared libraries: cannot
 make segment writable for relocation: Permission denied."  What does this
@@ -333,7 +303,7 @@ executable is using the non-PIC library.
 <p>
 To check your system for textrels, you can use the program <span class="code" dir="ltr">scanelf</span> from
 <span class="code" dir="ltr">app-misc/pax-utils</span>. For information on how to use the <span class="code" dir="ltr">pax-utils</span>
-package please consult the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">Gentoo 
+package please consult the <a href="pax-utils.html">Gentoo 
 PaX Utilities Guide</a>.
 </p>
 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>
@@ -392,7 +362,7 @@ The homepage for Grsecurity is located at <a href="http://www.grsecurity.net">ht
 <p class="secthead"><a name="grsecgentoodoc"></a><a name="doc_chap4_sect2">What Gentoo documentation exists about Grsecurity?</a></p>
 <p>
 The most current documentation for Grsecurity is a Grsecurity2 quickstart guide
-located at <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml">http://www.gentoo.org/proj/en/hardened/grsecurity.xml</a>.
+located at <a href="grsecurity.html">http://www.gentoo.org/proj/en/hardened/grsecurity.xml</a>.
 </p>
 <p class="secthead"><a name="grsecnew"></a><a name="doc_chap4_sect3">Can I use Grsecurity with a recent kernel not on the tree?</a></p>
 <p>
@@ -408,14 +378,14 @@ tree.
             </span>SELinux Questions</p>
 <p class="secthead"><a name="selinuxfaq"></a><a name="doc_chap5_sect1">Where can I find SELinux related frequently asked questions?</a></p>
 <p>
-A SELinux specific FAQ can be found at <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&amp;%0Achap=3">
+A SELinux specific FAQ can be found at <a href="selinux/selinux-handbook.xml?part=3&amp;%0Achap=3">
 http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=3&amp;
 chap=3</a>.
 </p>
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated November 12, 2010</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 Frequently Asked Questions that arise on the #gentoo-hardened IRC channel and
diff --git a/html/hardenedxorg.html b/html/hardenedxorg.html
index cea97ae..935fe09 100644
--- a/html/hardenedxorg.html
+++ b/html/hardenedxorg.html
@@ -32,7 +32,7 @@
 <p>
 PaX, a patch for the Linux kernel, is a central part of the Hardened Gentoo
 project.  PaX provides various functionality such as ASLR and NX memory.  More
-information is available at <a href="http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml">http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml</a>
+information is available at <a href="docs/pax-howto.html">http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml</a>
 For the purposes of this document, it will be assumed that the reader has a general
 understanding of how PaX works as well as the concept of Position Independent Executables (PIE).
 </p>
diff --git a/html/index.html b/html/index.html
index 438d0c3..7a4b11c 100644
--- a/html/index.html
+++ b/html/index.html
@@ -111,7 +111,7 @@ Gentoo once they've been tested for security and stability by the Hardened team.
           </tr>
           <tr>
             <td class="tableinfo">
-              <a href="http://www.gentoo.org/proj/en/hardened/selinux/index.xml">SELinux</a>
+              <a href="selinux/index.html">SELinux</a>
             </td>
             <td class="tableinfo">pebenito</td>
             <td class="tableinfo">SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.</td>
@@ -161,67 +161,67 @@ Hardened Gentoo subprojects.
 			project are:</p>
 <ul>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/primer.xml">
+            <a href="primer.html">
 Introduction to Hardened Gentoo
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml">
+            <a href="hardenedfaq.html">
 Hardened Frequently Asked Questions
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/roadmap.xml">
+            <a href="roadmap.html">
 Hardened Roadmap
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml">
+            <a href="hardenedxorg.html">
 Using Xorg with Hardened
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml">
+            <a href="hardened-toolchain.html">
 Hardened Toolchain Technical Description
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">
+            <a href="pax-quickstart.html">
 A quickstart covering PaX and Hardened Gentoo
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">
+            <a href="pax-utils.html">
 PaX Utils
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml">
+            <a href="grsecurity.html">
 Grsecurity2 QuickStart Guide
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml">
+            <a href="capabilities.html">
 Capabilities Listing
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml">
+            <a href="pic-guide.html">
 PIC Intro (beginner)
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml">
+            <a href="pic-internals.html">
 PIC Internals (intermediate)
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">
+            <a href="pic-fix-guide.html">
 PIC Fixing (advanced)
 </a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml">
+            <a href="gnu-stack.html">
 GNU Stack Quickstart
 </a>
           </li>
@@ -231,7 +231,7 @@ GNU Stack Quickstart
         </b>
             <ul>
               <li>
-                <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a>
+                <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
               </li>
             </ul>
           </li>
diff --git a/html/index2.html b/html/index2.html
index 658e58e..58d40d4 100644
--- a/html/index2.html
+++ b/html/index2.html
@@ -117,7 +117,7 @@ Gentoo once they've been tested for security and stability by the Hardened team.
           </tr>
           <tr>
             <td class="tableinfo">
-              <a href="http://www.gentoo.org/proj/en/hardened/selinux/index.xml">SELinux</a>
+              <a href="selinux/index.html">SELinux</a>
             </td>
             <td class="tableinfo">pebenito</td>
             <td class="tableinfo">SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.</td>
@@ -167,55 +167,55 @@ Hardened Gentoo subprojects.
 			project are:</p>
 <ul>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/primer.xml">
+            <a href="primer.html">
 Introduction to Hardened Gentoo</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml">
+            <a href="hardenedfaq.html">
 Hardened Frequently Asked Questions</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/roadmap.xml">
+            <a href="roadmap.html">
 Hardened Roadmap</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml">
+            <a href="hardenedxorg.html">
 Using Xorg with Hardened</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml">
+            <a href="hardened-toolchain.html">
 Hardened Toolchain Technical Description</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">
+            <a href="pax-quickstart.html">
 A quickstart covering PaX and Hardened Gentoo</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">
+            <a href="pax-utils.html">
 PaX Utils</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/grsecurity.xml">
+            <a href="grsecurity.html">
 Grsecurity2 QuickStart Guide</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml">
+            <a href="capabilities.html">
 Capabilities Listing</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml">
+            <a href="pic-guide.html">
 PIC Intro (beginner)</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml">
+            <a href="pic-internals.html">
 PIC Internals (intermediate)</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml">
+            <a href="pic-fix-guide.html">
 PIC Fixing (advanced)</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/gnu-stack.xml">
+            <a href="gnu-stack.html">
 GNU Stack Quickstart</a>
           </li>
           <li>
@@ -224,7 +224,7 @@ GNU Stack Quickstart</a>
         </b>
             <ul>
               <li>
-                <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a>
+                <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
               </li>
             </ul>
           </li>
diff --git a/html/link.5.html b/html/link.5.html
new file mode 100644
index 0000000..b5b499c
--- /dev/null
+++ b/html/link.5.html
@@ -0,0 +1,449 @@
+<html>
+<head><title>link(5) man page</title></head>
+<body>
+<pre>
+LINK(5)                     BSD File Formats Manual                    LINK(5)
+
+NAME
+     link -- dynamic loader and link editor interface
+
+SYNOPSIS
+     #include &lt;link.h&gt;
+
+DESCRIPTION
+     The include file &lt;link.h&gt; declares several structures that are present in
+     dynamically linked programs and libraries.  The structures define the
+     interface between several components of the link-editor and loader mecha-
+     nism.  The layout of a number of these structures within the binaries
+     resembles the a.out(5) format in many places as it serves such similar
+     functions as symbol definitions (including the accompanying string table)
+     and relocation records needed to resolve references to external entities.
+
+     It also records a number of data structures unique to the dynamic loading
+     and linking process.  These include references to other objects that are
+     required to complete the link-editing process and indirection tables to
+     facilitate Position Independent Code (PIC) to improve sharing of code
+     pages among different processes.
+
+     The collection of data structures described here will be referred to as
+     the Run-time Relocation Section (RRS) and is embedded in the standard
+     text and data segments of the dynamically linked program or shared object
+     image as the existing a.out(5) format offers no room for it elsewhere.
+
+     Several utilities cooperate to ensure that the task of getting a program
+     ready to run can complete successfully in a way that optimizes the use of
+     system resources.  The compiler emits PIC code from which shared
+     libraries can be built by ld(1).  The compiler also includes size infor-
+     mation of any initialized data items through the .size assembler direc-
+     tive.
+
+     PIC code differs from conventional code in that it accesses data vari-
+     ables through an indirection table, the Global Offset Table, by conven-
+     tion accessible by the reserved name _GLOBAL_OFFSET_TABLE_.  The exact
+     mechanism used for this is machine dependent, usually a machine register
+     is reserved for the purpose.  The rational behind this construct is to
+     generate code that is independent of the actual load address.  Only the
+     values contained in the Global Offset Table may need updating at run-time
+     depending on the load addresses of the various shared objects in the
+     address space.
+
+     Likewise, procedure calls to globally defined functions are redirected
+     through the Procedure Linkage Table (PLT) residing in the data segment of
+     the core image.  Again, this is done to avoid run-time modifications to
+     the text segment.
+
+     The linker-editor allocates the Global Offset Table and Procedure Linkage
+     Table when combining PIC object files into an image suitable for mapping
+     into the process address space.  It also collects all symbols that may be
+     needed by the run-time link-editor and stores these along with the
+     image's text and data bits.  Another reserved symbol, _DYNAMIC is used to
+     indicate the presence of the run-time linker structures.  Whenever
+     _DYNAMIC is relocated to 0, there is no need to invoke the run-time link-
+     editor.  If this symbol is non-zero, it points at a data structure from
+     which the location of the necessary relocation- and symbol information
+     can be derived.  This is most notably used by the start-up module, crt0.
+     The _DYNAMIC structure is conventionally located at the start of the data
+     segment of the image to which it pertains.
+
+DATA STRUCTURES
+     The data structures supporting dynamic linking and run-time relocation
+     reside both in the text and data segments of the image they apply to.
+     The text segments contain read-only data such as symbols descriptions and
+     names, while the data segments contain the tables that need to be modi-
+     fied by during the relocation process.
+
+     The _DYNAMIC symbol references a _dynamic structure:
+
+           struct  _dynamic {
+                   int     d_version;
+                   struct  so_debug *d_debug;
+                   union {
+                           struct section_dispatch_table *d_sdt;
+                   } d_un;
+                   struct  ld_entry *d_entry;
+           };
+
+     d_version  This field provides for different versions of the dynamic
+                linking implementation.  The current version numbers under-
+                stood by ld and ld.so are LD_VERSION_SUN (3), which is used by
+                the SunOS 4.x releases, and LD_VERSION_BSD (8), which is cur-
+                rently in use by NetBSD.
+
+     d_un       Refers to a d_version dependent data structure.
+
+     d_debug    this field provides debuggers with a hook to access symbol
+                tables of shared objects loaded as a result of the actions of
+                the run-time link-editor.
+
+     d_entry    this field is obsoleted by CRT interface version CRT_VER-
+                SION_BSD4, and is replaced by the crt_ldentry in crt_ldso.
+
+     The section_dispatch_table structure is the main ``dispatcher'' table,
+     containing offsets into the image's segments where various symbol and
+     relocation information is located.
+
+           struct section_dispatch_table {
+                   struct  so_map *sdt_loaded;
+                   long    sdt_sods;
+                   long    sdt_paths;
+                   long    sdt_got;
+                   long    sdt_plt;
+                   long    sdt_rel;
+                   long    sdt_hash;
+                   long    sdt_nzlist;
+                   long    sdt_filler2;
+                   long    sdt_buckets;
+                   long    sdt_strings;
+                   long    sdt_str_sz;
+                   long    sdt_text_sz;
+                   long    sdt_plt_sz;
+           };
+
+     sdt_loaded  A pointer to the first link map loaded (see below).  This
+                 field is set by ld.so(1) for the benefit of debuggers that
+                 may use it to load a shared object's symbol table.
+
+     sdt_sods    The start of a (linked) list of shared object descriptors
+                 needed by this object.
+
+     sdt_paths   Library search rules.  A colon separated list of directories
+                 corresponding to the -R option of ld(1).
+
+     sdt_got     The location of the Global Offset Table within this image.
+
+     sdt_plt     The location of the Procedure Linkage Table within this
+                 image.
+
+     sdt_rel     The location of an array of relocation_info structures (see
+                 a.out(5)) specifying run-time relocations.
+
+     sdt_hash    The location of the hash table for fast symbol lookup in this
+                 object's symbol table.
+
+     sdt_nzlist  The location of the symbol table.
+
+     sdt_filler2
+                 Currently unused.
+
+     sdt_buckets
+                 The number of buckets in sdt_hash
+
+     sdt_strings
+                 The location of the symbol string table that goes with
+                 sdt_nzlist.
+
+     sdt_str_sz  The size of the string table.
+
+     sdt_text_sz
+                 The size of the object's text segment.
+
+     sdt_plt_sz  The size of the Procedure Linkage Table.
+
+     A sod structure describes a shared object that is needed to complete the
+     link edit process of the object containing it.  A list of such objects
+     (chained through sod_next) is pointed at by the sdt_sods in the sec-
+     tion_dispatch_table structure.
+
+           struct sod {
+                   long    sod_name;
+                   u_int   sod_library : 1,
+                           sod_unused : 31;
+                   short   sod_major;
+                   short   sod_minor;
+                   long    sod_next;
+           };
+
+     sod_name     The offset in the text segment of a string describing this
+                  link object.
+
+     sod_library  If set, sod_name specifies a library that is to be searched
+                  for by ld.so.  The path name is obtained by searching a set
+                  of directories (see also ldconfig(8)) for a shared object
+                  matching lib&lt;sod_name&gt;.so.n.m.  If not set, sod_name should
+                  point at a full path name for the desired shared object.
+
+     sod_major    Specifies the major version number of the shared object to
+                  load.
+
+     sod_minor    Specifies the preferred minor version number of the shared
+                  object to load.
+
+     The run-time link-editor maintains a list of structures called link maps
+     to keep track of all shared objects loaded into a process' address space.
+     These structures are only used at run-time and do not occur within the
+     text or data segment of an executable or shared library.
+
+           struct so_map {
+                   caddr_t som_addr;
+                   char    *som_path;
+                   struct  so_map *som_next;
+                   struct  sod *som_sod;
+                   caddr_t som_sodbase;
+                   u_int   som_write : 1;
+                   struct  _dynamic *som_dynamic;
+                   caddr_t som_spd;
+           };
+
+     som_addr     The address at which the shared object associated with this
+                  link map has been loaded.
+
+     som_path     The full path name of the loaded object.
+
+     som_next     Pointer to the next link map.
+
+     som_sod      The sod structure that was responsible for loading this
+                  shared object.
+
+     som_sodbase  Tossed in later versions the run-time linker.
+
+     som_write    Set if (some portion of) this object's text segment is cur-
+                  rently writable.
+
+     som_dynamic  Pointer to this object's _dynamic structure.
+
+     som_spd      Hook for attaching private data maintained by the run-time
+                  link-editor.
+
+     Symbol description with size.  This is simply an nlist structure with one
+     field (nz_size) added.  Used to convey size information on items in the
+     data segment of shared objects.  An array of these lives in the shared
+     object's text segment and is addressed by the sdt_nzlist field of
+     section_dispatch_table.
+
+           struct nzlist {
+                   struct nlist    nlist;
+                   u_long          nz_size;
+           #define nz_un           nlist.n_un
+           #define nz_strx         nlist.n_un.n_strx
+           #define nz_name         nlist.n_un.n_name
+           #define nz_type         nlist.n_type
+           #define nz_value        nlist.n_value
+           #define nz_desc         nlist.n_desc
+           #define nz_other        nlist.n_other
+           };
+
+     nlist    (see nlist(3)).
+
+     nz_size  The size of the data represented by this symbol.
+
+     A hash table is included within the text segment of shared object to
+     facilitate quick lookup of symbols during run-time link-editing.  The
+     sdt_hash field of the section_dispatch_table structure points at an array
+     of rrs_hash structures:
+
+           struct rrs_hash {
+                   int     rh_symbolnum;           /* symbol number */
+                   int     rh_next;                /* next hash entry */
+           };
+
+     rh_symbolnum  The index of the symbol in the shared object's symbol table
+                   (as given by the ld_symbols field).
+
+     rh_next       In case of collisions, this field is the offset of the next
+                   entry in this hash table bucket.  It is zero for the last
+                   bucket element.
+     The rt_symbol structure is used to keep track of run-time allocated com-
+     mons and data items copied from shared objects.  These items are kept on
+     linked list and is exported through the dd_cc field in the so_debug
+     structure (see below) for use by debuggers.
+
+           struct rt_symbol {
+                   struct nzlist           *rt_sp;
+                   struct rt_symbol        *rt_next;
+                   struct rt_symbol        *rt_link;
+                   caddr_t                 rt_srcaddr;
+                   struct so_map           *rt_smp;
+           };
+
+     rt_sp       The symbol description.
+
+     rt_next     Virtual address of next rt_symbol.
+
+     rt_link     Next in hash bucket.  Used by internally by ld.so.
+
+     rt_srcaddr  Location of the source of initialized data within a shared
+                 object.
+
+     rt_smp      The shared object which is the original source of the data
+                 that this run-time symbol describes.
+
+     The so_debug structure is used by debuggers to gain knowledge of any
+     shared objects that have been loaded in the process's address space as a
+     result of run-time link-editing.  Since the run-time link-editor runs as
+     a part of process initialization, a debugger that wishes to access sym-
+     bols from shared objects can only do so after the link-editor has been
+     called from crt0.  A dynamically linked binary contains a so_debug struc-
+     ture which can be located by means of the d_debug field in _dynamic.
+
+           struct  so_debug {
+                   int     dd_version;
+                   int     dd_in_debugger;
+                   int     dd_sym_loaded;
+                   char    *dd_bpt_addr;
+                   int     dd_bpt_shadow;
+                   struct rt_symbol *dd_cc;
+           };
+
+     dd_version      Version number of this interface.
+
+     dd_in_debugger  Set by the debugger to indicate to the run-time linker
+                     that the program is run under control of a debugger.
+
+     dd_sym_loaded   Set by the run-time linker whenever it adds symbols by
+                     loading shared objects.
+
+     dd_bpt_addr     The address were a breakpoint will be set by the run-time
+                     linker to divert control to the debugger.  This address
+                     is determined by the start-up module, crt0.o, to be some
+                     convenient place before the call to _main.
+
+     dd_bpt_shadow   Contains the original instruction that was at
+                     dd_bpt_addr.  The debugger is expected to put this
+                     instruction back before continuing the program.
+
+     dd_cc           A pointer to the linked list of run-time allocated sym-
+                     bols that the debugger may be interested in.
+
+     The ld_entry structure defines a set of service routines within ld.so.
+     See dlfcn(3) for more information.
+
+           struct ld_entry {
+                   void    *(*dlopen)(char *, int);
+                   int     (*dlclose)(void *);
+                   void    *(*dlsym)(void *, char *);
+                   int     (*dlctl)(void *, int, void *);
+                   void    (*dlexit)(void);
+           };
+
+     The crt_ldso structure defines the interface between ld.so and the start-
+     up code in crt0.
+
+           struct crt_ldso {
+                   int             crt_ba;
+                   int             crt_dzfd;
+                   int             crt_ldfd;
+                   struct _dynamic *crt_dp;
+                   char            **crt_ep;
+                   caddr_t         crt_bp;
+                   char            *crt_prog;
+                   char            *crt_ldso;
+                   char            *crt_ldentry;
+           };
+           #define CRT_VERSION_SUN         1
+           #define CRT_VERSION_BSD2        2
+           #define CRT_VERSION_BSD3        3
+           #define CRT_VERSION_BSD4        4
+
+     crt_ba    The virtual address at which ld.so was loaded by crt0.
+
+     crt_dzfd  On SunOS systems, this field contains an open file descriptor
+               to ``/dev/zero'' used to get demand paged zeroed pages.  On
+               NetBSD systems it contains -1.
+
+     crt_ldfd  Contains an open file descriptor that was used by crt0 to load
+               ld.so.
+
+     crt_dp    A pointer to main's _dynamic structure.
+
+     crt_ep    A pointer to the environment strings.
+
+     crt_bp    The address at which a breakpoint will be placed by the run-
+               time linker if the main program is run by a debugger.  See
+               so_debug
+
+     crt_prog  The name of the main program as determined by crt0 (CRT_VER-
+               SION_BSD3 only).
+
+     crt_ldso  The path of the run-time linker as mapped by crt0 (CRT_VER-
+               SION_BSD4 only).
+
+     crt_ldentry
+               The dlfcn(3) entry points provided by the run-time linker
+               (CRT_VERSION_BSD4 only).
+
+     The hints_header and hints_bucket structures define the layout of the
+     library hints, normally found in ``/var/run/ld.so.hints'', which is used
+     by ld.so to quickly locate the shared object images in the file system.
+     The organization of the hints file is not unlike that of an a.out(5)
+     object file, in that it contains a header determining the offset and size
+     of a table of fixed sized hash buckets and a common string pool.
+
+           struct hints_header {
+                   long            hh_magic;
+           #define HH_MAGIC        011421044151
+                   long            hh_version;
+           #define LD_HINTS_VERSION_1      1
+           #define LD_HINTS_VERSION_2      2
+                   long            hh_hashtab;
+                   long            hh_nbucket;
+                   long            hh_strtab;
+                   long            hh_strtab_sz;
+                   long            hh_ehints;
+                   long            hh_dirlist;
+           };
+
+     hh_magic      Hints file magic number.
+
+     hh_version    Interface version number.
+
+     hh_hashtab    Offset of hash table.
+
+     hh_strtab     Offset of string table.
+
+     hh_strtab_sz  Size of strings.
+
+     hh_ehints     Maximum usable offset in hints file.
+
+     hh_dirlist    Offset in string table of a colon-separated list of direc-
+                   tories that was used in constructing the hints file.  See
+                   also ldconfig(8).  This field is only available with inter-
+                   face version number LD_HINTS_VERSION_2 and higher.
+
+           /*
+            * Hash table element in hints file.
+            */
+           struct hints_bucket {
+                   int             hi_namex;
+                   int             hi_pathx;
+                   int             hi_dewey[MAXDEWEY];
+                   int             hi_ndewey;
+           #define hi_major hi_dewey[0]
+           #define hi_minor hi_dewey[1]
+                   int             hi_next;
+           };
+
+     hi_namex   Index of the string identifying the library.
+
+     hi_pathx   Index of the string representing the full path name of the
+                library.
+
+     hi_dewey   The version numbers of the shared library.
+
+     hi_ndewey  The number of valid entries in hi_dewey.
+
+     hi_next    Next bucket in case of hashing collisions.
+
+BSD                            October 23, 1993                            BSD
+</pre>
+</body>
+</html>
diff --git a/html/pax-quickstart.html b/html/pax-quickstart.html
index bf8ed4d..fd434ff 100644
--- a/html/pax-quickstart.html
+++ b/html/pax-quickstart.html
@@ -251,7 +251,7 @@ to run. Often we find that we need the -m -sp combos.
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pax-quickstart.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated September 11, 2007</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 A quickstart covering PaX and Hardened Gentoo.
diff --git a/html/pax-utils.html b/html/pax-utils.html
index 485fb43..52d430c 100644
--- a/html/pax-utils.html
+++ b/html/pax-utils.html
@@ -491,7 +491,7 @@ its parent project, grsecurity. The supported kernel package is
 <span class="code" dir="ltr">sys-kernel/hardened-sources</span>.
 </p>
 <p>
-The Gentoo/Hardened project has a <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Gentoo PaX Quickstart Guide</a>
+The Gentoo/Hardened project has a <a href="pax-quickstart.html">Gentoo PaX Quickstart Guide</a>
 for your reading pleasure.
 </p>
 <p class="secthead"><a name="doc_chap3_sect2">Flags and Capabilities</a></p>
@@ -557,7 +557,7 @@ their Program Header. The following flags are supported:
 <p>
 The default Linux kernel also supports certain capabilities, grouped in the
 so-called <span class="emphasis">POSIX.1e Capabilities</span>. You can find a listing of those
-capabilities in our <a href="http://www.gentoo.org/proj/en/hardened/capabilities.xml">POSIX Capabilities</a> document.
+capabilities in our <a href="capabilities.html">POSIX Capabilities</a> document.
 </p>
 <p class="secthead"><a name="doc_chap3_sect3">Using pspax</a></p>
 <p>
diff --git a/html/pic-fix-guide.html b/html/pic-fix-guide.html
index 179eab0..d602735 100644
--- a/html/pic-fix-guide.html
+++ b/html/pic-fix-guide.html
@@ -51,8 +51,8 @@ We will update for non-x86 as we aquire details and useful examples.
             </span>Finding broken object code</p>
 <p>
 Before you can start fixing something, you got to make sure it's broken first, 
-right?  For this reason, we've developed a suite of tools named <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities</a>.  If you are not 
-familiar with these utilities, you should read the <a href="http://www.gentoo.org/proj/en/hardened/pax-utils.xml">PaX Utilities Guide</a> now.  Gentoo 
+right?  For this reason, we've developed a suite of tools named <a href="pax-utils.html">PaX Utilities</a>.  If you are not 
+familiar with these utilities, you should read the <a href="pax-utils.html">PaX Utilities Guide</a> now.  Gentoo 
 users can simply do <span class="code" dir="ltr">emerge pax-utils</span>.  Non-Gentoo users should be able 
 to find a copy of the source tarball in the <span class="path" dir="ltr">distfiles</span> on a <a href="http://www.gentoo.org/main/en/mirrors.xml">Gentoo Mirror</a>.  Once you have the PaX 
 Utilities setup on your system, we can start playing around with 
@@ -848,7 +848,7 @@ mmx32_rgb888_mask dd 00ffffffh,00ffffffh
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-fix-guide.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-fix-guide.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated August 19, 2007</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A guide for tracking down and fixing .text relocations (TEXTRELs)</p></td></tr>
 <tr><td align="left" class="topsep"><p class="alttext">
diff --git a/html/pic-guide.html b/html/pic-guide.html
index 035b444..e1c4922 100644
--- a/html/pic-guide.html
+++ b/html/pic-guide.html
@@ -150,7 +150,7 @@ References:
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-guide.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-guide.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated October 11, 2005</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>What every developer should understand about using Position Independent Code</p></td></tr>
 <tr><td align="left" class="topsep"><p class="alttext">
diff --git a/html/pic-internals.html b/html/pic-internals.html
index fec39e1..83da327 100644
--- a/html/pic-internals.html
+++ b/html/pic-internals.html
@@ -222,7 +222,7 @@ These executables simply do not need the PIC addressing mode for their functions
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/pic-internals.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-internals.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated Feb 14 2004</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Understanding the impact of text relocations and explaining the use of PIC in shared libraries</p></td></tr>
 <tr><td align="left" class="topsep"><p class="alttext">
diff --git a/html/primer.html b/html/primer.html
index 0554ca9..16301b4 100644
--- a/html/primer.html
+++ b/html/primer.html
@@ -247,7 +247,7 @@
 <br><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/primer.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="primer.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated February 7, 2007</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A Primer on Hardened Gentoo.</p></td></tr>
 <tr><td align="left" class="topsep"><p class="alttext">
diff --git a/html/rsbac/CVS/Entries b/html/rsbac/CVS/Entries
new file mode 100644
index 0000000..17d2fb8
--- /dev/null
+++ b/html/rsbac/CVS/Entries
@@ -0,0 +1,6 @@
+/index.xml/1.10/Mon Aug 11 01:55:38 2008//
+/intro.xml/1.1/Fri Sep 17 23:02:28 2004//
+/overview.xml/1.6/Wed Oct 12 08:24:42 2005//
+/quickstart.xml/1.11/Tue Jul  4 20:08:05 2006//
+/transition.xml/1.1/Wed Feb 15 16:22:08 2006//
+D
diff --git a/html/rsbac/CVS/Repository b/html/rsbac/CVS/Repository
new file mode 100644
index 0000000..1c5b220
--- /dev/null
+++ b/html/rsbac/CVS/Repository
@@ -0,0 +1 @@
+gentoo/xml/htdocs/proj/en/hardened/rsbac
diff --git a/html/rsbac/CVS/Root b/html/rsbac/CVS/Root
new file mode 100644
index 0000000..da304d3
--- /dev/null
+++ b/html/rsbac/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot
diff --git a/html/rsbac/index.html b/html/rsbac/index.html
index b5bcada..0b7175f 100644
--- a/html/rsbac/index.html
+++ b/html/rsbac/index.html
@@ -43,7 +43,7 @@ The required tool for the policies is still being developped.
 <p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
             </span>What is RSBAC?</p>
 <p>
-  <a href="http://www.rsbac.org/">RSBAC</a> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <a href="http://rsbac.org/documentation:different_models">several</a> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <a href="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">overview</a>.
+  <a href="http://www.rsbac.org/">RSBAC</a> (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses <a href="http://rsbac.org/documentation:different_models">several</a> well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled <a href="rsbac/overview.html">overview</a>.
 </p>
 <p>
  However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution.
@@ -105,10 +105,10 @@ The required tool for the policies is still being developped.
 			project are:</p>
 <ul>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/rsbac/overview.xml">RSBAC Overview</a>
+            <a href="rsbac/overview.html">RSBAC Overview</a>
           </li>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml">RSBAC Quickstart</a>
+            <a href="rsbac/quickstart.html">RSBAC Quickstart</a>
           </li>
         </ul>
 <p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
diff --git a/html/rsbac/quickstart.html b/html/rsbac/quickstart.html
index 2c1bf09..dfff38a 100644
--- a/html/rsbac/quickstart.html
+++ b/html/rsbac/quickstart.html
@@ -144,7 +144,7 @@ unless you want to log to remote machine</span>
 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b> If you plan to run a X Window server (such as X.org or XFree86),
 please also enable <span class="code" dir="ltr">"[*] X support (normal user MODIFY_PERM access
 to ST_ioports)"</span>.  
-Please also see <a href="http://www.gentoo.org/proj/en/hardened/hardenedxorg.xml">Using Xorg on Hardened Gentoo</a></p></td></tr></table>
+Please also see <a href="hardenedxorg.html">Using Xorg on Hardened Gentoo</a></p></td></tr></table>
 <p> We will now configure PaX which is a complement of the RSBAC hardened
 kernel. It is also recommended that you enable the following options,
 in the "Security options ---&gt; PaX" section.  </p>
@@ -299,7 +299,7 @@ parameter at boot time: </p>
 mailing-list</a>. It is generally a low traffic list,
 and RSBAC announcements for Gentoo will be available
 there. We also recommend you to subscribe to the <a href="http://rsbac.org/mailman/listinfo/rsbac/">RSBAC mailing-list</a>.
-Please also check the <a href="http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml">hardened FAQ</a> as your questions might already be covered in this document.
+Please also check the <a href="hardenedfaq.html">hardened FAQ</a> as your questions might already be covered in this document.
 </p>
 <table class="ntable"> <tr>
   <td class="tableinfo">Links:</td>
@@ -327,7 +327,7 @@ Please also check the <a href="http://www.gentoo.org/proj/en/hardened/hardenedfa
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/rsbac/quickstart.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="rsbac/quickstart.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated 15 February 2006</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>This document will guide you through the installation of the
 RSBAC on Gentoo Linux</p></td></tr>
diff --git a/html/selinux/CVS/Entries b/html/selinux/CVS/Entries
new file mode 100644
index 0000000..e9e6593
--- /dev/null
+++ b/html/selinux/CVS/Entries
@@ -0,0 +1,16 @@
+/hb-install.xml/1.5/Fri Jun 25 16:07:19 2010//
+/hb-selinux-conv-profile.xml/1.10/Fri Jun 25 16:07:19 2010//
+/hb-selinux-conv-reboot1.xml/1.11/Wed Oct  6 15:11:15 2010//
+/hb-selinux-conv-reboot2.xml/1.11/Fri Jun 25 16:07:19 2010//
+/hb-selinux-faq.xml/1.4/Thu Sep  7 10:37:46 2006//
+/hb-selinux-howto.xml/1.6/Tue May 20 15:45:43 2008//
+/hb-selinux-initpol.xml/1.6/Tue May 20 15:45:43 2008//
+/hb-selinux-libsemanage.xml/1.1/Sun Oct 15 20:32:39 2006//
+/hb-selinux-localmod.xml/1.1/Sun Oct 15 20:32:39 2006//
+/hb-selinux-loglocal.xml/1.7/Tue May 20 15:45:43 2008//
+/hb-selinux-logremote.xml/1.7/Tue May 20 15:45:43 2008//
+/hb-selinux-overview.xml/1.10/Fri Jun 25 16:07:19 2010//
+/hb-selinux-references.xml/1.5/Fri Jun 25 16:07:19 2010//
+/index.xml/1.41/Wed Jul 22 13:38:18 2009//
+/selinux-handbook.xml/1.9/Fri Jun 25 16:07:19 2010//
+D
diff --git a/html/selinux/CVS/Repository b/html/selinux/CVS/Repository
new file mode 100644
index 0000000..9f509b3
--- /dev/null
+++ b/html/selinux/CVS/Repository
@@ -0,0 +1 @@
+gentoo/xml/htdocs/proj/en/hardened/selinux
diff --git a/html/selinux/CVS/Root b/html/selinux/CVS/Root
new file mode 100644
index 0000000..da304d3
--- /dev/null
+++ b/html/selinux/CVS/Root
@@ -0,0 +1 @@
+:pserver:anonymous@anoncvs.gentoo.org/var/cvsroot
diff --git a/html/selinux/hb-selinux-conv-reboot1.html b/html/selinux/hb-selinux-conv-reboot1.html
index 3724b71..bdd6e53 100644
--- a/html/selinux/hb-selinux-conv-reboot1.html
+++ b/html/selinux/hb-selinux-conv-reboot1.html
@@ -122,7 +122,7 @@ using Btrfs)</span>
   are enabled by default; thus, no options will appear in menuconfig.
 </p>
 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>It is recommended to configure PaX if you are using harded-sources (also
-recommended).  More information about Pax can be found in the <a href="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml">Hardened Gentoo
+recommended).  More information about Pax can be found in the <a href="pax-quickstart.html">Hardened Gentoo
 PaX Quickstart Guide</a>.
 </p></td></tr></table>
 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffbbbb"><p class="note"><b>Warning: </b>
diff --git a/html/selinux/index.html b/html/selinux/index.html
index 22d6ada..6835449 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -152,7 +152,7 @@
 			project are:</p>
 <ul>
           <li>
-            <a href="http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook</a>
+            <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
           </li>
         </ul>
 <p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
diff --git a/html/tmpas b/html/tmpas
new file mode 100644
index 0000000..4f04d7d
--- /dev/null
+++ b/html/tmpas
@@ -0,0 +1 @@
+]&~o#MTV^"ZG:<nxeNg4cM0K^C"}Qi~:TXcBFl!nq=0x( rer\?o_'KwZutkp#
diff --git a/html/toolchain-upgrade-guide.html b/html/toolchain-upgrade-guide.html
index 8a44422..0c663ee 100644
--- a/html/toolchain-upgrade-guide.html
+++ b/html/toolchain-upgrade-guide.html
@@ -32,7 +32,7 @@
 <p class="secthead"><a name="Rationale"></a><a name="doc_chap1_sect1">Rationale for re-working the hardened toolchain.</a></p>
 <p>
 The gcc-3/glibc-2.3 toolchain has been working reasonably well for
-<a href="http://www.gentoo.org/proj/en/hardened/">Hardened Gentoo</a>
+<a href="">Hardened Gentoo</a>
 for a few years now.  However while it has gained in maturity, there are a
 number of known issues that have proven unresolvable so far.  Most issues are
 relatively minor and only show up in rare circumstances, however it has become
@@ -232,7 +232,7 @@ advice on common GCC upgrade pitfalls.
             </span>References</p>
 <p class="secthead"><a name="gentoorefs"></a><a name="doc_chap3_sect1">Other Gentoo Documentation</a></p>
 <ul>
-<li><a href="http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml">
+<li><a href="hardened-toolchain.html">
 Technical Description of the Gentoo Hardened Toolchain</a></li>
 <li><a href="http://www.gentoo.org/doc/en/gcc-upgrading.xml">Standard Gentoo GCC Upgrade Guide</a></li>
 </ul>
@@ -255,7 +255,7 @@ Technical Description of the Gentoo Hardened Toolchain</a></li>
 --><br>
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="toolchain-upgrade-guide.xml?style=printable">Print</a></p></td></tr>
 <tr><td class="topsep" align="center"><p class="alttext">Updated February 22, 2007</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 Guide for upgrading from hardened gcc-3/glibc-2.3/binutils-2.16 to gcc-4/glibc-2.5/binutils-2.17.