Gentoo Archives: gentoo-commits

From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/uclibc: index.xml
Date: Fri, 02 Nov 2012 03:22:49
Message-Id: 20121102032231.6446D21600@flycatcher.gentoo.org
blueness 12/11/02 03:22:31

Added: index.xml
Log:
add page for hardened uclibc project

Revision Changes Path
1.1 xml/htdocs/proj/en/hardened/uclibc/index.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/uclibc/index.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/uclibc/index.xml?rev=1.1&content-type=text/plain

Index: index.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/xsl/project.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
<!DOCTYPE project SYSTEM "/dtd/project.dtd">
<project>

<name>Hardened uClibc</name>
<longname>Porting Tool chain and Kernel Hardening to uClibc based systems</longname>

<description>
This subproject aims to port both tool chain and kernel hardening to uClibc
based systems for a variety of architectures. The project treats uClibc as an
alternative to glibc, and not necessarily as "embedded". The aim is a fully
featured system, and not one based primarily on busybox.
</description>

<longdescription>
<p>
All modern operating systems consist of a kernel and a user land. The
former deals with hardware and resource management at the highest privilege
level (ring 0) while the latter deals with the end user and operates at the lowest
privilege level (ring 3). The two interface through one central library referred to
as "the C standard library." By far the most popular is "The GNU C library", or
<uri link="http://www.gnu.org/software/libc/">glibc</uri> for short; but for
embedded systems <uri link="http://www.uclibc.org/">uClibc</uri> is the standard
library of choice, although there are other competitors (see <uri link="http://www.musl-libc.org/">musl</uri>).
uClibc (where the "u" is sometimes written as the Greek "mu" for "micro") is much
smaller than glibc, less bloated, much faster, and very configurable.
</p>

<p>
Continued developments in uClibc have made it increasingly suitable for fully
featured systems, even desktops. The recent addition of the native POSIX thread
library (see <uri link="http://en.wikipedia.org/wiki/Native_POSIX_Thread_Library">nptl</uri>)
meant that we could finally implement our complete complement of tool chain
hardening from glibc:
</p>

<ul>
<li>stack smashing protection (<uri link="http://en.wikipedia.org/wiki/Buffer_overflow_protection">ssp</uri>),
which came with nptl</li>
<li>position independent execution (<uri link="http://en.wikipedia.org/wiki/Position-independent_code">pie</uri>)</li>
<li>bind now and relro, linker hardening to protect the global offset table</li>
</ul>

<p>
These are complemented by the kernel hardening, especially
<uri link="http://pax.grsecurity.net/">PaX</uri>'s enhanced address space
layout randomization (<uri link="http://pax.grsecurity.net/docs/aslr.txt">aslr</uri>).
</p>
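The four tool chain features listed above (ssp, pie, bind now, relro) each leave a visible mark in the ELF headers of a binary, which is how one verifies that a hardened uClibc tool chain really produced hardened output. The following checker is an added example, not code from the Hardened uClibc project or the gentoo-commits message: it parses the ELF64 header, program headers and dynamic section itself (no readelf needed) and reports each feature, including that relro without bind now leaves part of the GOT writable. The function names, the `Hardening` record and the `build_sample_elf` helper (which fabricates a non-loadable image carrying only the headers the checker reads, so the example runs offline) are this example's own; the `__stack_chk_fail` string test for ssp is a heuristic, and `ET_DYN` also matches shared libraries, not only pie executables.

```python
import struct
from dataclasses import dataclass

# ELF constants from the ELF specification and the GNU extensions it carries.
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


@dataclass
class Hardening:
    pie: bool        # ET_DYN executable: loadable at a random base under ASLR
    relro: bool      # PT_GNU_RELRO segment: relocated data made read-only after load
    bind_now: bool   # all symbols resolved at load time, so the GOT can be sealed too
    ssp: bool        # references __stack_chk_fail, i.e. built with the stack protector

    @property
    def full_relro(self) -> bool:
        # "bind now and relro" together is what actually protects the GOT.
        return self.relro and self.bind_now


def inspect_elf64(data: bytes) -> Hardening:
    """Parse the ELF64 header, program headers and dynamic section of `data`."""
    if data[:4] != b"\x7fELF" or data[4] != 2:   # EI_CLASS 2 = 64-bit
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"           # EI_DATA 1 = little-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)

    relro, dyn_span = False, None
    for i in range(e_phnum):
        p_type, _flags, p_off, _va, _pa, p_filesz, _memsz, _align = struct.unpack_from(
            end + "IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            dyn_span = (p_off, p_filesz)

    bind_now = False
    if dyn_span:
        off, size = dyn_span
        for pos in range(off, off + size, 16):   # one Elf64_Dyn entry is 16 bytes
            d_tag, d_val = struct.unpack_from(end + "qQ", data, pos)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_BIND_NOW
                    or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True

    return Hardening(pie=(e_type == ET_DYN), relro=relro, bind_now=bind_now,
                     ssp=b"__stack_chk_fail" in data)   # heuristic: symbol name present


def build_sample_elf(pie=True, relro=True, bind_now=True, ssp=True) -> bytes:
    """Constructed, non-loadable ELF64 image holding only the headers the checker reads."""
    dyn = b""
    if bind_now:
        dyn += struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) + struct.pack("<qQ", DT_FLAGS_1, DF_1_NOW)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    n_ph = 2 if relro else 1
    dyn_off = 64 + 56 * n_ph                     # dynamic section right after the phdrs
    phdrs = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, 0, 0, len(dyn), len(dyn), 8)
    if relro:
        phdrs += struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, little-endian, SysV ABI
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1,
                               0, 64, 0, 0, 64, 56, n_ph, 64, 0, 0)
    return ehdr + phdrs + dyn + (b"__stack_chk_fail\0" if ssp else b"")


def report(h: Hardening) -> dict:
    """Flat yes/no view of the findings, one key per hardening feature."""
    return {"PIE": h.pie, "RELRO": h.relro, "BIND_NOW": h.bind_now,
            "Full RELRO": h.full_relro, "SSP": h.ssp}


if __name__ == "__main__":
    import sys
    # Pass a real binary as argv[1]; with no argument the constructed sample is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    for name, ok in report(inspect_elf64(data)).items():
        print(f"{name:10} {'yes' if ok else 'no'}")
```

Run it against any ELF64 binary from a hardened stage (for example a file under `/usr/bin`) to confirm all four rows say yes; a "RELRO yes, BIND_NOW no, Full RELRO no" result is the partial-relro case the list above warns about, where lazily bound GOT entries remain writable at run time.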

<p>
So, this subproject aims to port both tool chain and kernel hardening to uClibc
based systems for a variety of architectures, treating uClibc more as a
drop-in alternative to glibc, and not necessarily as "embedded". Embedded
systems aim to produce kernels and user lands with tiny footprints, and so
tend to use busybox as their "Swiss Army Knife" of common UNIX utilities.
While not excluding this possibility, we aim at making most (all?) of Gentoo's
packages both hardened and uClibc compatible.
</p>
</longdescription>

<goals>
<p>
The project goals can be best summarized by the following chart:
</p>

<table>
<tr>
<th>Arch</th>
<th>Subarchs</th>
<th>Tool Chain Hardening</th>
<th>Kernel Hardening</th>
<th>Installation Media</th>
<th>Downloads</th>
</tr>
<tr>
<ti>amd64</ti>
<ti>Generic</ti>
<ti>Yes</ti>
<ti>Yes</ti>
<ti>stage3 livecd desktop</ti>
<ti>[mirror]/experimental/amd64/uclibc</ti>
</tr>
<tr>
<ti>arm</ti>
<ti>armv7a/softfloat</ti>
<ti>Yes</ti>
<ti>No</ti>
<ti>stage4</ti>
<ti>[mirror]/experimental/arm/uclibc</ti>
</tr>
<tr>
<ti>mips</ti>
<ti>mips32r2 mipsel32r2</ti>
<ti>Yes</ti>
<ti>No</ti>
<ti>stage4</ti>
<ti>[mirror]/experimental/mips/uclibc</ti>
</tr>
<tr>
<ti>ppc</ti>
<ti>Not Yet</ti>
<ti>Not Yet</ti>
<ti>Not Yet</ti>
<ti>Not Yet</ti>
<ti>Not Yet</ti>
</tr>
<tr>
<ti>x86</ti>
<ti>i686</ti>
<ti>Yes</ti>
<ti>Yes</ti>
<ti>stage3</ti>
<ti>[mirror]/experimental/x86/uclibc</ti>
</tr>
</table>

<ul>
<li>Yes = completed</li>
<li>Not Yet = in progress</li>
<li>No = no plans</li>
<li>NA = not applicable</li>
<li>stage3 = catalyst built stages 1, 2 and 3 available (ideal)</li>
<li>stage4 = manually tarballed minimal system</li>
<li>livecd = minimal (installation) live CD</li>
<li>desktop = manually tarballed full desktop system</li>
<li>[mirror] = any <uri link="http://www.gentoo.org/main/en/mirrors2.xml">Gentoo mirror</uri></li>
</ul>

</goals>


<dev role="lead">blueness</dev>
<dev role="member">zorry</dev>


<extrachapter position="bottom">
<title>I Want to Participate</title>
<section>
<body>
<p>
To participate in the Hardened uClibc project join the mailing list at
<c>gentoo-hardened@g.o</c> and visit our online IRC channel at
<c>#gentoo-hardened</c> on <c>irc.freenode.net</c>.
</p>
</body>
</section>
</extrachapter>

</project>