We are a group of free software enthusiasts, anarchists, cyber security researchers. Long live anarchy! Long live 0ld sch00l!!! A small step in security hardening --> A giant leap in Free & Open source software!!!
(A/T/KT) - Sanitized GNU/Linux: a new way of bug hunting in the FLOSS community
by citypw and an anonymous dude
“As long as there is technology, there will be hackers. As long as there are hackers, there will be PHRACK magazine.” — The Circle of Lost Hackers on Phrack issue 64
As long as there are bugs, there will be vulnerabilities. As long as there are vulnerabilities, there will be regular/stable/weaponized exploits. Bug hunting is one of the most important issues that we've been fighting for decades in the FLOSS community. Address and thread sanitizers are very powerful weapons for bug hunters: they can be used to build your own fuzzing platform, or they can be integrated into regression testing. Either way, the FLOSS community benefits from it ;-)
Creating a partition that starts at 1MB and ends at 3MB, for use by the GRUB2 bootloader
Creating the BOOT partition (128MB)
Creating the swap partition
Creating the ROOTFS partition from the remaining disk space
Creating the partitions (MBR):
Creating file systems:
Formatting sda2 and sda4 as ext2 and ext4, respectively
Formatting sda3 as swap partition
Mounting:
After creating and formatting the partitions, we can mount them. Note that the mount point directories must be created before mounting.
Installing Stage3:
We could use links to download a stage tarball by browsing to the Gentoo mirror list.
Choose a suitable (nearby) mirror and enter the releases/amd64/autobuilds/current-stage3-amd64/ directory.
Download stage3-amd64-<releases>.tar.bz2, stage3-amd64-<releases>.tar.bz2.DIGESTS and stage3-amd64-<releases>.tar.bz2.DIGESTS.asc.
.CONTENTS file that contains a list of all files inside the stage tarball
.DIGESTS file that contains checksums of the stage file, in different algorithms
.DIGESTS.asc file that, like the .DIGESTS file, contains checksums of the stage file in different algorithms, but is also cryptographically signed to ensure it is provided by the Gentoo project
—— from Gentoo Handbook
Validate Checksum:
Compare the output of these commands with the value registered in the .DIGESTS(.asc) files. The values need to match, otherwise the downloaded file might be corrupt (or the digests file is).
Using gpg to make sure the checksums have not been tampered with.
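The check described above can be scripted so that a mismatch or a missing entry stops the install. This is an added example, not code from the original post or the Gentoo Handbook. The function names and sample file names are hypothetical, and the .DIGESTS layout (a "# SHA512 HASH" line followed by "<digest>  <file name>" lines) is an assumption.

```sh
#!/bin/sh
# Added example: fail-closed SHA512 check of a stage tarball against .DIGESTS.
# Assumed layout: "# SHA512 HASH" followed by "<lowercase hex>  <file name>" lines.

# Print the SHA512 digest recorded for file name $2 in digests file $1.
digest_for() {
    awk -v name="$2" '
        /^#/ { in_sha512 = ($0 ~ /SHA512/); next }   # track the algorithm section
        in_sha512 && $2 == name { print $1; exit }
    ' "$1"
}

# Return 0 only if tarball $2 matches its SHA512 entry in digests file $1;
# 1 on mismatch, 2 when no usable entry exists (never treated as "skip").
verify_stage3() {
    expected=$(digest_for "$1" "$(basename "$2")")
    case "$expected" in
        ""|*[!0-9a-f]*) echo "no usable SHA512 entry for $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "bad digest length" >&2; return 2; }
    actual=$(sha512sum "$2" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "SHA512 mismatch for $2" >&2; return 1; }
}

# Write only the signed body of clearsigned file $1 to $2, so unsigned text
# around the signature is never parsed. Assumes the release key is imported.
signed_digests() {
    gpg --batch --yes --output "$2" --decrypt "$1"
}
# Intended order: signed_digests X.DIGESTS.asc ok.DIGESTS &&
#                 verify_stage3 ok.DIGESTS X.tar.bz2 && unpack

# Constructed demonstration data (not a real Gentoo release).
demo() {
    d=$(mktemp -d) || return 2
    f="$d/stage3-amd64-sample.tar.bz2"
    printf 'constructed payload\n' > "$f"
    printf '# SHA512 HASH\n%s  %s\n' "$(sha512sum "$f" | cut -d' ' -f1)" \
        "$(basename "$f")" > "$d/sample.DIGESTS"
    verify_stage3 "$d/sample.DIGESTS" "$f" && echo "intact: accepted"
    echo tampered >> "$f"
    verify_stage3 "$d/sample.DIGESTS" "$f" 2>/dev/null || echo "tampered: rejected"
    rm -rf "$d"
}
demo
```

Checking the digest only against the signed body extracted by gpg means an edited .DIGESTS file on a mirror cannot vouch for a modified tarball.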
Unpacking the stage tarball
Configuring compile options:
CFLAGS and CXXFLAGS
The CFLAGS and CXXFLAGS variables define the optimization flags for the GCC C and C++ compiler respectively. Although those are defined generally here, for maximum performance one would need to optimize these flags for each program separately. The reason for this is because every program is different. However, this is not manageable, hence the definition of these flags in the make.conf file.
In make.conf one should define the optimization flags that will make the system the most responsive generally. Don’t place experimental settings in this variable; too much optimization can make programs behave bad (crash, or even worse, malfunction).
—— from Gentoo Handbook
Choosing a proper mirror
cat gentoo.conf
Copy Nameserver info:
Mounting the necessary filesystems
Entering the chroot environment
Update
Configuring Timezone
Install gcc-5.3
Update Configuration file
Run again
Change GCC default version
Install Kernel
Download kernel source
Checking Kernel Version
Configuring Kernel Options
Enable KASan
Compiling kernel
Generating initramfs
Install Firmware
Configure fstab
Configure Network:
Automatically start networking at boot
Update SYSTEM
Setting root password
Install BOOTLOADER
In this section, I am going to use GRUB2 as my bootloader
Exiting chroot environment
#reboot
After rebooting, we can simply use DHCP to connect to the Internet automatically
Adding address sanitizer flags to /etc/portage/make.conf
HINT: Address sanitizer and kernel address sanitizer are incompatible with thread sanitizer. If you want to use thread sanitizer, you can build another system and enable -fsanitize=thread separately.