Author: robert
Date: 2008-10-14 20:32:21 -0600 (Tue, 14 Oct 2008)
New Revision: 1437
Modified: branches/Onward/downloads/patches.txt branches/Onward/temporary_system/glibc.txt Log: Added issetugid and sanitize_env patches to Glibc Modified: branches/Onward/downloads/patches.txt =================================================================== --- branches/Onward/downloads/patches.txt 2008-10-14 22:40:47 UTC (rev 1436) +++ branches/Onward/downloads/patches.txt 2008-10-15 02:32:21 UTC (rev 1437) @@ -18,7 +18,7 @@ http://www.linuxfromscratch.org/~robert/new/patches/gcc-4.2-20081001-fpie-2.diff # GCC -D_FORTIFY_SOURCE=2 patch: -http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-fortify_source-2.patch +http://www.linuxfromscratch.org/patches/downloads/gcc/gcc-4.1.2-fortify_source-2.patch # GCC -fstack-protector-all patch: http://www.linuxfromscratch.org/~robert/new/patches/gcc-4.2-20081001-fstack_protector.diff @@ -26,6 +26,12 @@ # GCC's libiberty fix for -D_FORTIFY_SOURCE: http://www.linuxfromscratch.org/~robert/new/patches/gcc-4.2-20081001-asprintf_fix.diff +# Glibc issetugid() patch: +http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.5.1-issetugid-1.patch + +# Glibc sanitize environment patch: +http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.8-sanitize_env.diff + # Grsecurity patch: # http://grsecurity.net/grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz.sign http://grsecurity.net/grsecurity-2.1.11-2.6.24.5-200804211829.patch.gz Modified: branches/Onward/temporary_system/glibc.txt =================================================================== --- branches/Onward/temporary_system/glibc.txt 2008-10-14 22:40:47 UTC (rev 1436) +++ branches/Onward/temporary_system/glibc.txt 2008-10-15 02:32:21 UTC (rev 1437) 
@@ -19,6 +19,21 @@ patch -p1 -i ../glibc-2.5.1-pt_pax-1.patch && +# This patch adds the issetugid() function, which is a front-end to the +# __libc_enable_secure() dynamic linker private function. This function +# reports whether the program is running with matching real and effective +# ID's, or not, to determine whether the program is running with set-uid or +# set-gid privileges. Many packages will search for issetugid() and use it if +# found, such as Ncurses. This is safer than allowing each program to +# determine privileges itself because it is tested at a lower level which is +# not manipulatable by the user. Apply this patch with the following command: + +patch -p1 -i ../glibc-2.5.1-issetugid-1.patch && + +# This patch resticts the environment, particularly with setuid programs: + +patch -p1 -i ../glibc-2.8-sanitize_env.diff && + # We don't install pt_chown(1) on the final system, so why install it to # /tools:
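Review bot: In the first patches.txt hunk (@@ -18,7 +18,7 @@), the relocated FORTIFY_SOURCE URL still names gcc-4.1.2-fortify_source-2.patch while every neighbouring GCC entry is a gcc-4.2-20081001 patch, and the log message mentions only the Glibc additions. Please confirm the 4.1.2 patch is the one intended for this GCC snapshot, and either mention the move from patches/hlfs/svn/ to patches/downloads/gcc/ in the log or commit it separately.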
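Review bot: In the second patches.txt hunk (@@ -26,6 +26,12 @@), the two new Glibc entries are named for different releases (glibc-2.5.1-issetugid-1.patch and glibc-2.8-sanitize_env.diff) and are hosted in different trees, one under patches/downloads/glibc/ and one under ~robert/new/patches/. Please state which Glibc version this branch builds and that both patches apply cleanly to it, and consider hosting the sanitize_env patch in the same patches tree. Both are fetched over plain http with nothing to verify them against; a checksum beside each URL would help, in the way the Grsecurity entry below already lists a .sign file.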
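Review bot: In the glibc.txt hunk, the sanitize_env comment ("This patch resticts the environment, particularly with setuid programs:") has a typo (should be "restricts") and, unlike the issetugid paragraph above it, does not say which environment variables are affected or whether non-setuid programs are filtered too. A sentence stating what the patch removes and under what condition would let readers judge its effect before applying it. This commit also touches only temporary_system/glibc.txt, so please confirm the final-system Glibc instructions apply the same two patches.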
