Lunar Linux Hardened

(Difference between revisions)
Jump to: navigation, search
(coreutils 6.7)
(glibc 2.5)
Line 72: Line 72:
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
<table cellspacing="0" cellpadding="0" border="0" style="border: 1px solid #000000; text-align: center; margin: 0 auto; width: 100%;">
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">blowfish.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">blowfish.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch adds blowfish crypto to libcrypt.</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch adds blowfish crypto to libcrypt.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">branch_update-2.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">branch_update-2.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details.</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">dl_execstack_PaX-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">dl_execstack_PaX-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">hardened_tmp-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">hardened_tmp-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts.</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">iconv_unnest-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">iconv_unnest-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Move nested function to a static one so we avoid generating a trampoline.</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Move nested function to a static one so we avoid generating a trampoline.</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">localedef_segfault-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">localedef_segfault-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">pt_pax-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">pt_pax-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">This is needed for Pax. http://pax.grsecurity.net/</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 150px;">strlcpy_strlcat-1.patch</td>
+
         <td style="padding: 3px; vertical-align: top; background-color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 180px;">strlcpy_strlcat-1.patch</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #a1a1a1; color: #d1d1d1; border-bottom: 1px dashed #000000; text-align: left; width: 10px;">-</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">http://www.courtesan.com/todd/papers/strlcpy.html</td>
 
         <td style="padding: 3px; vertical-align: top; background-color: #c0c0c0; border-bottom: 1px dashed #000000; text-align: left;">http://www.courtesan.com/todd/papers/strlcpy.html</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>

Revision as of 23:04, 9 March 2007

Contents

Hardened Lunar Linux

The maingoal of this project might be to have a Lunar Linux with security enhancements. The most modules will be patched with patches we've written or others written. Others could be Linux-from-Scratch users or other Distributions. As long as we keep credits - This should be okay.

Language

The mainproblem is my language - so if you read things you don't understand please ask me - My english isn't as good as yours so probably i would be happy for corrections ;-)

Warning

This project is in an experimental state - So use it only if you want to play with it or if you want help developing it. It's not for production use right now.

The Patches

gcc 4.1.2

posix-1.patch - Makes GCC Posix Compliant

binutils 2.17

branch_update-1.patch - This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically.
hardened_tmp-3.patch - This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings.
lazy-1.patch - This adds -z lazy option, inverse of -z now.
pt_pax-1.patch - This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/
posix-1.patch - Makes binutils Posix Compliant

coreutils 6.7

i18n-1.patch - This patch fixes various problems with multibyte character support.
uname-1.patch - Fix the output of uname once and for all.

glibc 2.5

blowfish.patch - This patch adds blowfish crypto to libcrypt.
branch_update-2.patch - This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details.
dl_execstack_PaX-1.patch - This is needed for Pax. http://pax.grsecurity.net/
hardened_tmp-1.patch - This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts.
iconv_unnest-1.patch - Move nested function to a static one so we avoid generating a trampoline.
localedef_segfault-1.patch - Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438
pt_pax-1.patch - This is needed for Pax. http://pax.grsecurity.net/
strlcpy_strlcat-1.patch - http://www.courtesan.com/todd/papers/strlcpy.html
Personal tools
Namespaces
Variants
Actions
Wiki Navigation
Project Sites
Toolbox