Lunar Linux Hardened
(→coreutils 6.7) |
(→The Patches) |
||
| Line 13: | Line 13: | ||
== The Patches == | == The Patches == | ||
| − | You will see "Status:" in the following sections. Status 1 means i tested it on my local system (Athlon XP 2600+, 512 MB Ram, Vanilla 2.6.20 Kernel) | + | You will see "Status:" in the following sections. Status 1 means i tested is it compiling and does it seem working, on my local system (Athlon XP 2600+, 512 MB Ram, Vanilla 2.6.20 Kernel). Status 2 means i tested it a bit more and recompiled it several times. Status 3 means other people have tested it, too but it wasn't working sometimes. Status 4 means other people have tested it, too and it was working everywhere. |
So: | So: | ||
| − | Status 1 is really really alpha. | + | * Status 0 is untested. |
| − | Status 2, too. | + | * Status 1 is really really alpha. |
| − | Status 3 is beta. | + | * Status 2, too. |
| − | Status 4 is ready to go ;-) | + | * Status 3 is beta. |
| + | * Status 4 is ready to go ;-) | ||
=== gcc 4.1.2 === | === gcc 4.1.2 === | ||
Revision as of 23:43, 9 March 2007
Contents |
Hardened Lunar Linux
The maingoal of this project might be to have a Lunar Linux with security enhancements. The most modules will be patched with patches we've written or others written. Others could be Linux-from-Scratch users or other Distributions. As long as we keep credits - This should be okay.
Language
The mainproblem is my language - so if you read things you don't understand please ask me - My english isn't as good as yours so probably i would be happy for corrections ;-)
Warning
This project is in an experimental state - So use it only if you want to play with it or if you want help developing it. It's not for production use right now.
The Patches
You will see "Status:" in the following sections. Status 1 means i tested is it compiling and does it seem working, on my local system (Athlon XP 2600+, 512 MB Ram, Vanilla 2.6.20 Kernel). Status 2 means i tested it a bit more and recompiled it several times. Status 3 means other people have tested it, too but it wasn't working sometimes. Status 4 means other people have tested it, too and it was working everywhere.
So:
- Status 0 is untested.
- Status 1 is really really alpha.
- Status 2, too.
- Status 3 is beta.
- Status 4 is ready to go ;-)
gcc 4.1.2
Status: 1
| posix-1.patch | - | Makes GCC Posix Compliant |
binutils 2.17
Status: 1
| branch_update-1.patch | - | This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically. |
| hardened_tmp-3.patch | - | This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings. |
| lazy-1.patch | - | This adds -z lazy option, inverse of -z now. |
| pt_pax-1.patch | - | This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/ |
| posix-1.patch | - | Makes binutils Posix Compliant |
coreutils 6.7
Status: 1
| i18n-1.patch | - | This patch fixes various problems with multibyte character support. |
| uname-1.patch | - | Fix the output of uname once and for all. |
glibc 2.5
| blowfish.patch | - | This patch adds blowfish crypto to libcrypt. |
| branch_update-2.patch | - | This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details. |
| dl_execstack_PaX-1.patch | - | This is needed for Pax. http://pax.grsecurity.net/ |
| hardened_tmp-1.patch | - | This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts. |
| iconv_unnest-1.patch | - | Move nested function to a static one so we avoid generating a trampoline. |
| localedef_segfault-1.patch | - | Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438 |
| pt_pax-1.patch | - | This is needed for Pax. http://pax.grsecurity.net/ |
| strlcpy_strlcat-1.patch | - | http://www.courtesan.com/todd/papers/strlcpy.html |
