Roadmap
-
* Glibc-only (uClibc will remain in -unstable)
* Stabilize with linux-2.4 branch.
- Confirm rebuildability.
- Confirm testsuites.
* Enable verbose compiler warnings for base system packages.
- Add -Werror -Wall -Wformat -Wformat-security wherever possible.
- Fix/investigate places where -Werror -Wall does not work.
- Use -Wformat=2, and other supplemental warnings, with -Werror wherever possible.
* Enable toolchain security enhancements on base system.
- This includes -D_FORTIFY_SOURCE=2, -fPIE/-pie, -fstack-protector[-all], -z relro,now.
- Link suid programs to libmudflap.
- Supply proof of concept tests for each of these features, including strlcpy/strlcat tests.
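A proof-of-concept test of the kind the strlcpy/strlcat item above (and the "add strlcpy/strlcat where it works" item further down) calls for, added here as an example and not taken from the HLFS book or its build scripts. The hlfs_-prefixed functions are reference implementations with OpenBSD semantics, prefixed so they cannot collide with a libc that already ships the real ones; the 8-byte buffer and the sample strings are constructed for the test.

```c
#include <stddef.h>
#include <string.h>

/* Reference strlcpy: always NUL-terminates when dsize > 0 and returns the
   length it *tried* to copy, so rc >= dsize means the copy was truncated. */
size_t hlfs_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Reference strlcat: appends as much of src as fits, keeps dst terminated,
   and returns the length it tried to create (>= dsize means truncation). */
size_t hlfs_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = strnlen(dst, dsize);
    size_t srclen = strlen(src);
    if (dlen == dsize)              /* dst not terminated within dsize */
        return dsize + srclen;      /* nothing appended, report truncation */
    size_t room = dsize - dlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + srclen;
}

/* PoC check for strlcpy: copy src into a fixed 8-byte buffer, report via
   *truncated whether truncation was signalled, and return 1 only if the
   buffer is NUL-terminated inside its bounds and holds the expected prefix. */
int strlcpy_poc(const char *src, int *truncated)
{
    char buf[8];
    size_t rc = hlfs_strlcpy(buf, src, sizeof buf);
    *truncated = rc >= sizeof buf;
    if (memchr(buf, '\0', sizeof buf) == NULL)
        return 0;
    return strlen(buf) == (*truncated ? sizeof buf - 1 : rc);
}

/* The strncpy behaviour the roadmap wants to replace: returns 1 when the
   same 8-byte buffer is left without a terminator for this input. */
int strncpy_leaves_unterminated(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}
```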
* Support all Grsecurity and PaX kernel options.
- Verify Glibc can rebuild with all PaX options enabled.
* Verify system integrity with available debugging utilities and libraries.
- Add strlcpy/strlcat where it works.
- This can include Valgrind for GCC, Purity for Bash, etc.
- Give special consideration to suid programs.
- Document this.
* Submit all patches and modifications to official maintainers for review, criticism, etc.
* Add enough information and explanations of hardening methods so that Beyond-HLFS packages can be hardened without step-by-step instructions (including fixing compiler warnings, unsafe mktemp functions, and odd permissions on newly installed files such as the suid bit and group-writable files). For example, instead of writing "do this and this", write "this is being done specifically in this instance because of that, and look for this when installing BLFS packages".
* Perhaps use BLFS's wiki pages for each package to add hardening notes, rather than adding BLFS packages to the HLFS book. This would benefit more users too.
* Segregate instructions for features to keep each of them optional.
- This includes toolchain, kernel, and debugging features.
* Audit book for accuracy, ease of reading and understanding.
- Document features well enough that outside links are not necessary, but available.
- Spell and grammar check.
-
* The following is a notepad of ideas for the 1.0 release. Items may be added or removed.
*** Educational Text - Written to be Unbiased ***
* Provide descriptions of attacks and vulnerabilities in layman's terms.
- What happens to the system during various exploits.
- Root causes. Secondary causes.
- Why the code allowed the exploit.
- Why the compiler allowed the exploit.
- Why the kernel allowed the exploit.
- How to prevent it, both practically and theoretically.
- Current technology, in all operating systems.
- Definition of "trusted system".
* Documented base system source code audit.
- How to use lint.
- Understanding compiler warnings.
- How to use other tools (Valgrind), and understand their output.
* Document user ethics (and rights).
- When to use root, and when not to.
- Administrative users.
- Daemon users.
- Human users.
* Document an overview of Linux/Unix permissions (kernel and filesystem).
* Role based access control.
- Document how it works.
- What to consider when adding permissions for files on the system.
* Dynamic linking, shared objects, and static linking.
- Document advantages and disadvantages.
- What is Linux ELF.
* PaX and Grsecurity.
- Provide overview of features, and their relation to previous (above) topics.
- Light overview of competing products, like Selinux, with links.
* Compiler features.
- Document an overview, and the relation to previous topics.
- What happens to the system during various exploits.
