robert at linuxfromscratch.org
Tue Apr 27 14:32:50 PDT 2004
Can this fit in preface?
Hardened Linux From Scratch is a security oriented documentation and source
code project. It is our ambition to redefine security. HLFS targets the
educational community, but is by no means rudimentary. Because HLFS is not
a distribution we can make changes vendors can not. Specificly this means we
can patch non-gnu code into gnu packages. We can integrate packages into
our core system that other vendors would not because of their bureaucracy.
A fine example is the frandom kernel patch. This solved a serious entropy
problem with smashing stack protector. Frandom was not chosen because it is
GNU, and not because it was the easiest solution, but because it is the best
solution. Where ever possible packages are integrated, not simply offered
as a package. Libraries for blowfish are offered by other vendors, but
integrated by few, simply because of licensing issues. The same can be said
for Pam, in that its offered by many and integrated by few. Standards are
often not motivated by security, and in many cases they can hinder security.
The only way we could avoid these standards, bureaucracy, and politics was
by starting over, from scratch, and reevaluating everything. HLFS is not
for everyone, it will not support every package. It is written for those
who wish to learn how to fill every crack and crevice in a Linux system.
More information about the hlfs-dev