CRUX

Roadmap for version 3.4

25% of 4 tasks completed. 3 open tasks:

FS#1201 - Minor Handbook Changes To Introduce Package System
As a CRUX newbie, I was challenged to grok the package system from the Handbook. I offer the attached small ed file to clarify (1) the expected skills to work with CRUX, and (2) clarification of what packages are and how the package system maps into the standard recipe for installing tarballs.
FS#1467 - gcc: enable default pie and ssp
Please consider adding --enable-default-pie and --enable-default-ssp to the configure command of the gcc port.

While the use of -fstack-protector-strong in CFLAGS (/etc/pkgmk.conf) is easy and can be done by the user, and using --enable-default-ssp only brings CRUX closer to other Linux distributions (Debian, Arch, Void, ...) :), -fPIE and -pie are difficult to enable with /etc/pkgmk.conf, because this needs a linker option too and a lot of programs ignore LDFLAGS and CFLAGS when linking. Not to mention that CFLAGS in pkgmk.conf applies to shared libraries as well (making the build fail).

Some programs won't build with these options (more with pie than with ssp) but the most important ones are maybe already fixed upstream (-no-pie, -fno-stack-protector).

There is a speed penalty with these options, more with ssp than with pie.

[1]: https://wiki.gentoo.org/wiki/Hardened/Toolchain

Btw, playing with the hardening-check script from Debian I see that the read-only relocations are already in place.

FS#1469 - Include and enable PAM in distro packages.
Just a security issue. And for hardening it will be good.
Fork bomb and fixing it with ulimit, for example. It fixes it in x11 due to login manager with pam enabled, but not in tty.
