|| ||basile <basile-yzvPICuk2ABaTBw8ZCwS0De48wsgrGvP-AT-public.gmane.org> |
|| ||tinhat-yzvPICuk2ABaTBw8ZCwS0De48wsgrGvP-AT-public.gmane.org, gentoo-hardened-cnFmAm88PdgLnqt3yJz4RQ-AT-public.gmane.org |
|| ||Tin Hat 20090727 is out |
|| ||Mon, 27 Jul 2009 11:05:38 -0400|
|| ||Article, Thread
I'd like to announce that a new release of Tin Hat is out. Tin Hat is a fully featured Linux
desktop based on Hardened Gentoo which runs purely in RAM. It aims to be very secure, stable, and
This release continues the work of hardening the system libraries and binaries begun in the
previous release with little changes to the kernel. The toolchain, composed of binutils-2-18,
glibc-2.9 and gcc-4.3.3, was used to compile the system from scratch with the following hardening:
1) -fstack-protector-all for everything excpet glibc and evolution where just -fstack-protect is
required, 2) -D_FORTIFY_SOURCE=2, 3) PIC/PIE, 4) -Wl,-z,now,-z,relro except for evolution which
requires -z,lazy. These features were applied via CFLAGS/CXXFLAGS and LDFLAGS in the make.conf
file in anticipation of migrating them to gcc's specs. We also sync-ed upstream with Gentoo,
updating approximately 90 packages.
Home page: http://opensource.dyc.edu/tinhat
Thanks to Zorry for helping me understand many of the issues.
Anthony G. Basile, Ph.D.
Chair of Information Technology
Buffalo, NY 14201
to post comments)