[uClibc] Hardened-lfs using uClibc
robert at linuxfromscratch.org
Mon Dec 6 03:11:34 UTC 2004
Hello. I would like to casually announce hardened-linuxfromscratch has
recently decided to use uClibc in its toolchain. Key features so far include
uClibc (optimized for speed not size), propolice stack guard, a pic/pie
toolchain, PaX/Grsecurity kernel, and Frandom. The packages are otherwise the
same as linuxfromscratch's base; gnu coreutils, man pages, robust development
enviroment (no busybox). The build is native and bootstrapped, only the
initial toolchain is cross compiled.
Hardened-lfs is a security oriented project currently in alpha stages. The
first minor release, in text, is available here:
Many improvements have already been added to the svn server. Snapshots and new
releases will be available shortly, and conversion to xml/html is underway.
All packages have instructions for dynamic linking. More critical packages,
such as Bash and Coreutils, have optional instructions for static linking.
The goal of the static linking option is to allow the machine to boot and
allow root to login and repair the system in the event that ld.so, or
libc.so, is missing or damaged. There are several issues needed to be worked
out, like linking and testsuite bugs, but the finished system is usable.
There are plans to have beyond-hardened-lfs hints and docs for packages like
openssl, busybox, etc. Only the i386 platform is supported at this time.
There is no date set for a stable release.
Svn repo is available here:
svn co svn://svn.linuxfromscratch.org/HLFS/trunk HLFS
There is a mailing list listed on the homepage here:
More information about the uClibc