[lfs-fr] r1345 - trunk/hlfs

jmengual at linuxfromscratch.org jmengual at linuxfromscratch.org
Dim 19 Juin 08:58:29 PDT 2011


Author: jmengual
Date: 2011-06-19 17:58:29 +0200 (Sun, 19 Jun 2011)
New Revision: 1345

Removed:
   trunk/hlfs/changes.txt
   trunk/hlfs/downloads/
   trunk/hlfs/final_system/
   trunk/hlfs/kernel-config.txt
   trunk/hlfs/readme.txt
   trunk/hlfs/things_we_do.txt
Log:
Desole des nombreux messages, bientot la fin (3 ou 4 commits).


Deleted: trunk/hlfs/changes.txt
===================================================================
--- trunk/hlfs/changes.txt	2011-06-19 15:56:24 UTC (rev 1344)
+++ trunk/hlfs/changes.txt	2011-06-19 15:58:29 UTC (rev 1345)
@@ -1,16 +0,0 @@
-# L'option '-N' de patch est supprimée car elle supporte des correctifs
-# cassés (voir la page de manuel patch(1) ).
-
-# Installation des pages de manuel et info dans le répertoire objet, afin qu'ils
-# ne soient pas installés dans /tools, avec --infodir=$(pwd)/DESTDIR
-# --mandir=$(pwd)/DESTDIR, ou avec tout autre procédé.
-
-# Support d'un x86_32 et x86_64 natif. Pas de multilib, de compilation croisée,
-# ou d'émulation.
-# Contactez la liste de diffusion si vous voulez aider à ajouter le support de
-# davantage de plateformes.
-
-# Ajout de plusieurs petits changements aux outils, nécessaires pour démarrer
-# le système temporaire. Ces changements ont été apportés à e2fsprogs, sysvinit,
-# udev et util-linux. Ajout du répertoire booting_temporary et des pages.
-

Deleted: trunk/hlfs/kernel-config.txt
===================================================================
--- trunk/hlfs/kernel-config.txt	2011-06-19 15:56:24 UTC (rev 1344)
+++ trunk/hlfs/kernel-config.txt	2011-06-19 15:58:29 UTC (rev 1345)
@@ -1,85 +0,0 @@
-This page needs to add additional information about what is needed to get the
-Glibc test suite to pass, such as the SysV module.
-
-Enable extended attributes for your file system, for file system Posix
-capabilities, Access Control Lists, and security markings:
-	CONFIG_EXT2_FS_XATTR
-	CONFIG_EXT3_FS_XATTR
-	CONFIG_REISERFS_FS_XATTR
-	CONFIG_EXT2_FS_POSIX_ACL
-	CONFIG_EXT3_FS_POSIX_ACL
-	CONFIG_REISERFS_FS_POSIX_ACL
-	CONFIG_EXT2_FS_SECURITY
-	CONFIG_EXT3_FS_SECURITY
-	CONFIG_REISERFS_FS_SECURITY
-
-Enable Linux capabilities, and filesystem capabilities:
-	CONFIG_SECURITY_CAPABILITIES
-	CONFIG_SECURITY_FILE_CAPABILITIES
-
-Enable Loop-AES for encrypted swap:
-	BLK_DEV_LOOP_AES
-	BLK_DEV_LOOP_KEYSCRUB
-
-All the Grsec and PaX options can be enabled, but some should be disabled for
-the best security. 
-
-Do _NOT_ enable the following (we don't need, or use, them): 
-	CONFIG_PAX_SOFTMODE
-	CONFIG_PAX_EI_PAX
-	CONFIG_PAX_EMUTRAMP
-
-The SOFTMODE means settings will not be enforced; this is for curious users or
-for debugging problems. EI_PAX is for supporting legacy markings which we do
-not have (see below). PAX_EMUTRAMP is usefull for Glibc's localedef if it is
-not modified, but in general the PAX_EMUTRAMP option should be avoided if
-possible. These three options reduce security.
-
-Do enable the following:
-	CONFIG_PAX_PT_PAX_FLAGS
-
-This option tells the PaX kernel that we have PaX elf header markings, which
-are placed by our patched version of Binutils. This is the preferred method
-which replaces EI_PAX.
-
-Under "Grsecurity -> Executable Protections -> Trusted Path Execution" you may
-want to enable:
-	CONFIG_GRKERNSEC_TPE
-
-This option enables 'Trusted Path Execution'. Like the help says, this option
-is used to restrict which programs users can run depending on the program
-ownership and permissions. This can disallow users from running programs they
-build or install.
-
-Most administrators will not want to enable this option. This slightly loosens
-the 'Trusted Path Execution' restrictions, allowing users to run thier own
-programs, but not programs in another user's directory.
-
-	CONFIG_GRKERNSEC_TPE_ALL
-
-To only allow selected users to run their own programs enable:
-	CONFIG_GRKERNSEC_TPE_INVERT
-
-Choose the numeric GID for your trusted group. Users in this group will be able
-to run programs that are not in a directory owned by root, or programs that are
-world or group writtable. Generally this means these users can run their own
-programs. If you compile software as a non-root user, then that user will need
-to be added to this group. Alternately you could set this to GID 0, and add
-your trusted users to the root group. Otherwise you will probably need to run
-something like groupadd -g 1005 trusted.
-
-If you plan to use the X11 windowing system, then the options
-CONFIG_GRKERNSEC_KMEM and CONFIG_GRKERNSEC_IO, in the Grsecurity "Address Space
-Protection" menu, should be disabled. See the help for those options for more
-details.
-
-Be warned that the CONFIG_GRKERNSEC_IO option, which disallows modifying the
-kernel in memory while its loaded, breaks pnpdump(8) from Isatools.
-
-All the rest of the options will increase system security.
-
-The kernel will build with -D_FORTIFY_SOURCE=2, and will disable SSP
-automatically. There is a performance penalty when building the kernel with
--D_FORTIFY_SOURCE=2, which can be disabled by building with make
-CC="gcc -U_FORTIFY_SOURCE".
-

Deleted: trunk/hlfs/readme.txt
===================================================================
--- trunk/hlfs/readme.txt	2011-06-19 15:56:24 UTC (rev 1344)
+++ trunk/hlfs/readme.txt	2011-06-19 15:58:29 UTC (rev 1345)
@@ -1,73 +0,0 @@
-Onward branch:
-
-October 4rth, 2008
-
-Hardened LinuxFromScratch was born on the lfs-security mailing list in late
-2003. The philosophy is based on learning, one step at a time, 
-how to harden a Linux system. This was something that was traditionally left
-to someone else, such as Hardened Gentoo
-(http://www.gentoo.org/proj/en/hardened/), Owl Linux
-(http://www.openwall.com/Owl/), OpenBSD (http://www.openbsd.org/), and others.
-This was unsatisfying to a do-it-yourselfer, and so Hardened LinuxFromScratch
-emerged.
-
-The ProPolice and PIE LFS hints paved the way, and it became apparent that a
-new book was more practical than following multiple LFS hints. 
-The majority of changes and additions were to the toolchain (GCC, Binutils,
-the C library, and the Linux kernel), and how packages were compiled. Although
-it is part of the scope of Hardened LinuxFromScratch, the setup of packages
-(especially network) has been neglected. In general HLFS has taken the
-initiative, when feasible, to fix system vulnerabilities, and is not following
-or directed by any outside project.
-
-Unlike distributions who have to maintain reverse compatibility, HLFS is from
-scratch and can redesign itself at any time, if there's a reason to. This
-advantage has been embraced. Anything can be removed, changed, or added,
-without regard to previous versions, because each build is bootstrapped.
-
-A stable version of the book has been in reach several times, but has always
-been pushed aside for further advancement and new features. Since 2003, Stack
-Smashing Protector (http://www.trl.ibm.com/projects/security/ssp/), PaX
-(http://pax.grsecurity.net/) compliance, Grsecurity
-(http://www.grsecurity.net/), run-time string buffer overflow detection
-(http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html), Linux Posix
-capabilities
-(http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/), and
-various other additions have been integrated to the build.
-
-During 2008 the Linux kernel added file attributes for posix capabilities,
-which were integrated with HLFS (in the Shadow package). This caused a
-dependency on a new kernel, and was adopted as an opportunity to eliminate
-host system dependencies by adding a reboot after the temporary tools are
-installed. In turn, this added complications. An html book could not be read
-without an html viewer in the rebooted system, so a simpler solution was plain
-text. A plain text book can be run as shell scripts for convenience.
-
-Additionally, both LFS and HLFS have come to recognize that it is unacceptable
-for package management to be completely neglected. From the standpoint of HLFS,
-this issue is with file management, rather than package management, but the
-two are closely related. A responsible administrator should account for each
-file, where it came from, and what its purpose is. Furthermore, with posix
-capabilities, it is more secure if root does not own any files on the system,
-because a process running as root without the FOWNER capability would be
-unable to overwrite files not owned by root, and this would make it more
-difficult for root to be exploited.
-
-A two user package/file management system was found to be the most practical
-solution. This means new packages are installed by an admin-helper. The
-package's installed files are recorded, and the ownership is changed to the
-admin. This stops new packages from overwriting the files of another package,
-allows us to catalog installed package files (so ownership can be reverted for
-upgrades), and disallows root from modifying them without the FOWNER
-capability. A multi-user package management system (such as the
-more_control_and_pkg_man.txt LFS hint) was found to be overly complicated,
-and has no advantage over the two user system.
-
-More recently, chroot additions are being considered where ever possible.
-
-As a result of all this, the HLFS book is in a state of change, and has
-stopped development of the xml/html book until things become decided. The book
-and build system are becoming integrated, and so everything needs to be
-thought through before the new Onward branch can be written.
-
-robert

Deleted: trunk/hlfs/things_we_do.txt
===================================================================
--- trunk/hlfs/things_we_do.txt	2011-06-19 15:56:24 UTC (rev 1344)
+++ trunk/hlfs/things_we_do.txt	2011-06-19 15:58:29 UTC (rev 1345)
@@ -1,36 +0,0 @@
-# Le correctif issetugid() de Glibc n'est plus utilisé. issetugid() pouvait 
-# être préchargé à partir d'une bibliothèque définie par l'utilisateur, comme 
-# getuid() ou getgid(), donc issetugid() n'a aucun avantage. Dans BSD et solaris,
-# issetugid() est un syscall du noyau et est plus sûre. Avec Linux, nous
-# devrions utiliser __libc_enable_secure(), qui est équivalent,
-# mais qui exige des paquets pour être corrigée. On devrait rechercher la 
-# fonction issetugid() de tous les paquets, laquelle devrait être remplacée par
-# __libc_enable_secure().
-
-# Object directories are used whenever possible, to support building from
-# read-only sources. One day this may be usefull, such as building from source
-# which were unpacked on to a cdrom, or read-only partition.
-
-# In tools we don't let packages install to /tools/libexec/, for consistancy.
-
-# Avoid installing docs to /tools, since we're not going to use them.
-
-# It would be nice to optionally strip packages as they're installed.
-
-# Bison, Flex, and M4, are needed when using snapshots of GCC (or Binutils).
-
-# Everything in /tools is hardened so that we reboot into a hardened system.
-
-# The --fatal-warnings linker option is used primarily for locating
-# DT_TEXTREL, with --warn-shared-textrel, but also causes compiler errors
-# when mktemp(3) or tmpnam(3) are used... so we have zero tolerance for these.
-
-# Whatever bug fix patches are normally used in Chap6, we use them in /tools,
-# because we're going to reboot /tools.
-
-# When package maintainers offer a GnuPG signature, or md5/sha, file, then
-# use that instead of making our own md5sum.
-
-# Don't install anything to /tools/sbin, since only the administrator uses
-# /tools there is no need to have another directory for admin applications.
-




More information about the lfs-traducfr mailing list