Hardened Lunar Linux
The maingoal of this project might be to have a Lunar Linux with security enhancements. The most modules will be patched with patches we've written or others written. Others could be Linux-from-Scratch users or other Distributions. As long as we keep credits - This should be okay.
Language
The mainproblem is my language - so if you read things you don't understand please ask me - My english isn't as good as yours so probably i would be happy for corrections ;-)
Warning
This project is in an experimental state - So use it only if you want to play with it or if you want help developing it. It's not for production use right now.
The Patches
gcc 4.1.2
| posix-1.patch |
- |
Makes GCC Posix Compliant |
binutils 2.17
| branch_update-1.patch |
- |
This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically. |
| hardened_tmp-3.patch |
- |
This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings. |
| lazy-1.patch |
- |
This adds -z lazy option, inverse of -z now. |
| pt_pax-1.patch |
- |
This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/ |
| posix-1.patch |
- |
Makes binutils Posix Compliant |
coreutils 6.7
| i18n-1.patch |
- |
This patch fixes various problems with multibyte character support. |
| uname-1.patch |
- |
Fix the output of uname once and for all. |
glibc 2.5
| blowfish.patch |
- |
This patch adds blowfish crypto to libcrypt. |
| branch_update-2.patch |
- |
This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details. |
| dl_execstack_PaX-1.patch |
- |
This is needed for Pax. http://pax.grsecurity.net/ |
| hardened_tmp-1.patch |
- |
This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts. |
| iconv_unnest-1.patch |
- |
Move nested function to a static one so we avoid generating a trampoline. |
| localedef_segfault-1.patch |
- |
Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438 |
| pt_pax-1.patch |
- |
This is needed for Pax. http://pax.grsecurity.net/ |
| strlcpy_strlcat-1.patch |
- |
http://www.courtesan.com/todd/papers/strlcpy.html |
