robert at linuxfromscratch.org
Wed Jun 6 23:29:19 PDT 2007

Dropping -fpic isn't working out. There are too many static convenience libs
that get linked into programs.

The new gcc specs patch should be ready today or tomorrow. It's much more
configurable, and there may be parts that some of you may not want... like
changes to libmudflap so it just kills programs instead of giving debugging
info. By default, without adding definitions to the headers, the patch will

I added mkstemps to the arc4random glibc patch, so libiberty and others can
use this libc version instead. I just copied mkstemps.c from gcc, and
replaced gettimeofday() with arc4random(). There's a bit of duplicate code
with the other mktemp stuff in glibc, but it's probably less than 1kb
compiled so it's no big deal. This way the mktemp family in glibc doesn't
need to be completely rewritten to support mkstemps().

Glibc-2.6 and GCC-4.2 are out, but I'd like to keep Glibc-2.5 and gcc-4.1.x.
Neither of the new packages has added any significant hardening changes, and
they're both going to take 6-12 months to stabilize with other packages.

It looks like the only way to get Glibc-2.6 working with Linux-2.4 is to
disable threading. I don't think this is such a big problem. Linux-2.4 would
be used mainly for network servers, and those daemons generally don't link to
libpthread. Also, the pth gnu package can be used as a threading library.

While reading changes to Glibc-2.6, I discovered the strfry() function, and
it's another place arc4random() can be used. strfry() is a glibc-specific
function that returns a randomized string. I'm not sure what uses it, but
it's another function that uses gettimeofday() for entropy.

I finally added frandom back to the book earlier today. I talked to the
Fortuna developer about adding frandom to his patch, but it looks like his
opinion is to use /dev/urandom (his version) for everything and forget
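
An added example, not part of the original message and not the HLFS glibc patch: a mkstemps()-style function whose six placeholder characters come from a CSPRNG rather than from the clock, next to a simplified model of a time-seeded name for contrast. The names mkstemps_csprng, csprng_uniform and name_from_clock are hypothetical, and csprng_uniform reads /dev/urandom as a stand-in for arc4random() so the code builds on a libc that lacks that function.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static const char letters[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Stand-in for arc4random(): uniform value in [0, n) from the kernel CSPRNG. */
static uint32_t csprng_uniform(uint32_t n)
{
    uint32_t r, limit = UINT32_MAX - UINT32_MAX % n;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) abort();               /* fail closed, never fall back to time */
    do {
        if (read(fd, &r, sizeof r) != (ssize_t)sizeof r) abort();
    } while (r >= limit);              /* rejection sampling avoids modulo bias */
    close(fd);
    return r % n;
}

/* Simplified model of a time-seeded name: the same clock reading and pid
 * always produce the same six characters, so the name can be guessed. */
void name_from_clock(uint64_t sec, uint64_t usec, uint64_t pid, char out[7])
{
    uint64_t v = (usec << 16) ^ sec ^ pid;
    for (int i = 0; i < 6; i++, v /= 62) out[i] = letters[v % 62];
    out[6] = '\0';
}

/* mkstemps(): template ends in "XXXXXX" followed by suffixlen suffix bytes. */
int mkstemps_csprng(char *tmpl, int suffixlen)
{
    size_t len = strlen(tmpl);
    if (suffixlen < 0 || len < (size_t)suffixlen + 6) { errno = EINVAL; return -1; }
    char *x = tmpl + len - suffixlen - 6;
    if (memcmp(x, "XXXXXX", 6) != 0) { errno = EINVAL; return -1; }
    for (int attempt = 0; attempt < 100; attempt++) {
        for (int i = 0; i < 6; i++)
            x[i] = letters[csprng_uniform(62)];
        /* O_EXCL makes creation atomic; a pre-existing name is retried. */
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;
    }
    errno = EEXIST;
    return -1;
}
```

O_CREAT|O_EXCL is what prevents opening a file someone else planted; the CSPRNG only keeps the name from being guessed ahead of time, which is why both are kept.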