robert at linuxfromscratch.org
Wed Jul 26 07:54:55 PDT 2006
On July 26, 2006 09:11 am, Sebastian Faulborn wrote:
> What about adding blowfish passwords which is a major improvement in
I've been planning to port the Owl blowfish patch for Glibc to uClibc. There
was also some debate about adding blowfish to HLFS a year or two ago, that's
why it became a hint. I don't know if anyone still has objections. As far as
I know Owl's blowfish patch is transparent after Glibc and Shadow, so it's
really easy to make it optional.
> If you don't do the last step, OpenSSH will segfault when trying to login.
> OpenSSH has a function xcrypt() which calls crypt() which is defined in
> xcrypt.h and hence in crypt.h as a #define to xcrypt() which
> causes OpenSSH to call xcrypt() in an infinite loop until the stack
> A few other packages also have problems compiling without the patch.
I don't run sshd personally, so I didn't realize this was happening. But I
prefer Owl's patch to xcrypt. All my hints need updating, but I never get
around to it... I'll try to.
> I also think we should add gradm. After all one of the most important
> features (RBAC) cannot be activated without it. There is no need to have
> rules - gradm generates them automatically (although you might want to
> change some of them manually). That's one of the major advantages of
> grsecurity over other security systems (such as SELINUX).
Fair enough. The gradm package can be added to chapter 6.
> Also don't forget to also add chpax (or at least mention it somewhere in the
> book!). It's needed when you want to change PAX settings for precompiled
> binaries which don't use the new PAX style ELF headers (eg. Java,
> precompiled MySQL, etc.)
Paxctl is in chapter 6. It's the last package, after udev. It gets run on
I want to shuffle the chapter 6 packages to match LFS, and add the utf8 stuff.
I also want to remove the blfs packages and maybe the network (inetutils and
iproute2) packages, to make HLFS a purely development system. I don't want to
add new packages, like gradm, until that's done.
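The crypt()/xcrypt() name collision described in the quoted text above, as an added example that is not part of the original thread and is not code from OpenSSH or the xcrypt library. `lib_hash`, `app_xcrypt`, `colliding_depth` and `DEPTH_LIMIT` are hypothetical names, the inputs are constructed, and the remedy shown is an assumption, not necessarily the step the post refers to.

```c
#include <stdio.h>

/* Hypothetical stand-in for the library's real password-hash routine. */
static unsigned long lib_calls;
static const char *lib_hash(const char *key, const char *salt)
{
    (void)key; (void)salt;
    lib_calls++;
    return "constructed-hash";          /* placeholder, not a real hash */
}

/* What the library header does, per the post: crypt() is a macro for xcrypt(). */
#define crypt(key, salt) xcrypt((key), (salt))

#define DEPTH_LIMIT 1000                /* demo guard; the real program has none */
static unsigned long depth;

/* Application wrapper that happens to be named xcrypt(), like OpenSSH's. */
const char *xcrypt(const char *pw, const char *salt)
{
    if (++depth > DEPTH_LIMIT)
        return NULL;                    /* without the guard: stack exhaustion */
    return crypt(pw, salt);             /* preprocessed into xcrypt(pw, salt) */
}

/* Depth reached by one call through the colliding wrapper. */
unsigned long colliding_depth(void)
{
    depth = 0;
    (void)xcrypt("constructed-pw", "constructed-salt");
    return depth;
}

/* Assumed remedy: drop the alias so the wrapper reaches the library routine. */
#undef crypt
#define crypt(key, salt) lib_hash((key), (salt))

const char *app_xcrypt(const char *pw, const char *salt)
{
    return crypt(pw, salt);             /* now preprocessed into lib_hash(...) */
}

int main(void)
{
    printf("colliding wrapper depth: %lu\n", colliding_depth());
    printf("fixed wrapper result: %s\n", app_xcrypt("constructed-pw", "constructed-salt"));
    return 0;
}
```

The colliding wrapper never reaches the hash routine at all; only the depth guard stops it, which is why the unguarded program ends in a segfault rather than a failed login.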