Hello everyone, I'd like to announce that a new release of Tin Hat is out. Tin Hat is a fully featured Linux desktop based on Hardened Gentoo which runs purely in RAM. It aims to be very secure, stable, and fast.
This release continues the work of hardening the system libraries and binaries begun in the previous release with little changes to the kernel. The toolchain, composed of binutils-2-18, glibc-2.9 and gcc-4.3.3, was used to compile the system from scratch with the following hardening: 1) -fstack-protector-all for everything excpet glibc and evolution where just -fstack-protect is required, 2) -D_FORTIFY_SOURCE=2, 3) PIC/PIE, 4) -Wl,-z,now,-z,relro except for evolution which requires -z,lazy. These features were applied via CFLAGS/CXXFLAGS and LDFLAGS in the make.conf file in anticipation of migrating them to gcc's specs. We also sync-ed upstream with Gentoo, updating approximately 90 packages. Home page: http://opensource.dyc.edu/tinhat Downloads: http://opensource.dyc.edu/tinhat-downloads Thanks to Zorry for helping me understand many of the issues. -- Anthony G. Basile, Ph.D. Chair of Information Technology D'Youville College Buffalo, NY 14201 USA (716) 829-8197
signature.asc
Description: OpenPGP digital signature
