Immunix OS 7.0 (2CD)

Immunix OS 7.0 (2CD)

Цена: 175 р.

Товар временно закончился

Код товара: lc103

Immunix OS 7.0 is based mostly on the RedHat Linux 7.0 distribution. It has been rebuilt with the latest Immunix StackGuard enhancements to the egcs compiler and Immunix FormatGuard enhancements to the glibc libraries. We have also included the Immunix SubDomain kernel module and OpenWall kernel patch for added security.

Immunix OS is not free software. Immunix does employ many GPL'd components, and you can download those components under the terms of the GPL. Immunix also incorporates other components, under a variety of licenses, including the Immunix Commercial License. The licensing terms for the whole distribution are described here.

Immunix OS is also available for non-commercial use. WireX's definition of "non-commercial" basically means things you don't charge for. You can make unlimited copies of the non-commercial edition of Immunix OS 7.0, so long as use conforms with the non-commercial license. This should be suitable for most personal and educational purposes.

Install Notes

We highly recommend a fresh install, not an upgrade. An upgrade is asking for trouble ;-) If you have installed ONLY packages from Immunix OS 6.2 an upgrade should work, but if you have installed anything that isn't from the Immunix 6.2 distribution you will wind up with a mish-mash of StackGuard protected binaries and libraries and vulnerable binaries and libraries. The best alternative is a fresh install and then download source RPMS for packages that do not come with Immunix OS 7.0. Compile from source with the StackGuard compiler to insure these new packages are StackGuard and FormatGuard protected.

Since this is a single cd release, there are a number of files that are included in RedHat Linux 7.0 that are not included in this Immunix 7.0 release. We tried to strip out only those packages that are specific to a desktop user, as this is a server oriented release (that is why there is no GNOME or KDE installed). Selected workstation oriented programs have been included on the CD in the /extras directory, and additional workstation oriented programs are provided in our contribs directory. However, while these programs have been protected with Immunix tools, these workstation programs are provided completely as-is, no support, and WireX takes no responsibility for security vulnerabilities they may induce.

If you are setting up an image for NFS, FTP, HTTP, or Hard Drive installations, you need to get everything from the Immunix 7.0 cd. On Linux the following process will properly set up the /target/directory on your server for installing Immunix Linux.
    1) Insert the Immunix 7.0 disc
    2) mount /mnt/cdrom
    3) cp -a /mnt/cdrom/RedHat /target/directory
    4) mkdir /target/directory/RedHat/instimage
    5) mkdir /tmp/instimage
    6) mount -o loop /target/directory/RedHat/base/stage2.img /tmp/instimage
    7) cp -a /tmp/instimage /target/directory/RedHat/instimage
    8) export /target/directory via NFS
    9) insert blank floppy into floppy drive
    10) dd if=/target/directory/images/bootnet.img of=dev/fd0
    11) boot off of the created floppy to start your NFS install

Build Notes

   The Immunix OS 7.0 distribution was built on a standard (everything install) RedHat Linux 7.0 distribution with the StackGuard compiler and the StackGuard and FormatGuard glibc. The source RPMS are from the RedHat Linux 7.0 distribution. The SPEC files were modified to note that the package was StackGuard and FormatGuard protected and to test for a StackGuard compiler and FormatGuard glibc before building. In some cases the source RPMS were patched to compile correctly with the FormatGuard glibc. (NOTE: some source RPMS are actually RedHat Linux 7.0 updates)

The general process is:
    1) upgrade glibc and egcs packages to StackGuard and FormatGuard versions
    2) install the source RPM
    3) edit the SPEC file
    4) build the source and binary RPMS from the edited SPEC file.
    5) repeat until all source RPMS are built.
    6) install all the StackGuard and FormatGuard protected binary RPMS
    7) rebuild the binary RPMS from the newer source RPMS (w/ edited SPEC files)
    8) repeat until rebuilds stop changing binaries (i.e. ensure that all executables and libraries -- static and dynamic -- are StackGuard and FormatGuard protected).

Compiler Notes

   As mentioned above, RedHat Linux 7.0 updates were used where available (as of October 21 2000). The following source RPMS are updates (for bug fixes and security patches):

  -  LPRng-3.6.24-2.src.rpm
  -  apache-1.3.14-3.src.rpm
  -  e2fsprogs-1.18-16.src.rpm
  -  emacs-20.7-17.src.rpm
  -  esound-0.2.20-1.src.rpm
  -  gnorpm-0.95.1-3.src.rpm
  -  gnupg-1.0.4-5.src.rpm
  -  iputils-20001010-1.src.rpm
  -  mount-2.10m-6.src.rpm
  -  mysql-3.23.24-1.src.rpm
  -  openssh-2.2.0p1-5.src.rpm
  -  php-4.0.3pl1-1.src.rpm
  -  sysklogd-1.3.33-8.src.rpm
  -  sysstat-3.2.4-4.src.rpm
  -  sysstat-3.2.4-5.src.rpm
  -  tmpwatch-2.6.2-1.7.src.rpm
  -  up2date-2.0.6-1.src.rpm
  -  usermode-1.36-3.src.rpm
  -  xinetd-

   Any package that has a compiled binary in it that was built with the StackGuard compiler and FormatGuard library has the word "StackGuard" added to it. Any package that has some Immunix logo branding in it, has the word "Immunix" added to it.

Non-StackGuard Protected Packages

   The kernel RPMS can't be StackGuard protected since the kernel is "aware" of the stack layout (see the kernel section above for more information about this), however the kernel RPMS are patched to offer SubDomain and OpenWall protection:
  -  kernel-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-2.2.16-22_Immunix_4.i586.rpm
  -  kernel-2.2.16-22_Immunix_4.i686.rpm
  -  kernel-BOOT-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-doc-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-enterprise-2.2.16-22_Immunix_4.i686.rpm
  -  kernel-ibcs-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-pcmcia-cs-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-smp-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-smp-2.2.16-22_Immunix_4.i586.rpm
  -  kernel-smp-2.2.16-22_Immunix_4.i686.rpm
  -  kernel-source-2.2.16-22_Immunix_4.i386.rpm
  -  kernel-utils-2.2.16-22_Immunix_4.i386.rpm

Packages needed to begin protecting RedHat Linux 7.0 with StackGuard and FormatGuard (the source for these has been altered as part of StackGuard):
  -  cpp-1.1.2-30_SG201_stout.i386.rpm
  -  egcs-1.1.2-30_SG201_stout.i386.rpm
  -  egcs-c++-1.1.2-30_SG201_stout.i386.rpm
  -  egcs-g77-1.1.2-30_SG201_stout.i386.rpm
  -  egcs-objc-1.1.2-30_SG201_stout.i386.rpm
  -  glibc-2.1.94-3_StackGuard_1.i386.rpm
  -  glibc-devel-2.1.94-3_StackGuard_1.i386.rpm
  -  glibc-profile-2.1.94-3_StackGuard_1.i386.rpm
  -  kernel-headers-2.4.0-0.26.i386.rpm
  -  libstdc++-2.9.0-30_SG201_stout.i386.rpm
  -  nscd-2.1.94-3_StackGuard_1.i386.rpm

Packages that were modified from the original RedHat Linux 7.0 source packages to get them to build properly with the FormatGuard version of glibc.:
  -  DBI-1.13-1_StackGuard.src.rpm
  -  MySQL-3.22.32-1.src.rpm
  -  XFree86-4.0.1-1_StackGuard.src.rpm
  -  Xconfigurator-4.3.5-1.src.rpm
  -  am-utils-6.0.4s5-8_StackGuard.src.rpm
  -  amanda-2.4.1p1-18_StackGuard.src.rpm
  -  apache-1.3.14-2.src.rpm
  -  apmd-3.0final-18_StackGuard.src.rpm
  -  aspell-0.32.5-1_StackGuard.src.rpm
  -  bash-2.04-11_StackGuard.src.rpm
  -  binutils-
  -  bzip2-1.0.1-3_StackGuard.src.rpm
  -  cdecl-2.5-15_StackGuard.src.rpm
  -  cdrecord-1.9-2_StackGuard.src.rpm
  -  cvs-1.10.8-8_StackGuard.src.rpm
  -  dump-0.4b19-4_StackGuard.src.rpm
  -  fetchmail-5.5.0-2_StackGuard.src.rpm
  -  fvwm2-2.2.4-9_StackGuard.src.rpm
  -  ghostscript-5.50-7_StackGuard.src.rpm
  -  gnupg-1.0.2-4_StackGuard.src.rpm
  -  gperf-2.7-9_StackGuard.src.rpm
  -  hdparm-3.9-6_StackGuard.src.rpm
  -  imap-4.7c2-12_StackGuard.src.rpm
  -  initscripts-5.49-1_StackGuard.src.rpm
  -  isdn-config-0.17-7_StackGuard.src.rpm
  -  jadetex-2.7-4_StackGuard.src.rpm
  -  jikes-1.12-1_StackGuard.src.rpm
  -  krb5-1.2.1-8_StackGuard.src.rpm
  -  lam-6.3.3b28-1_StackGuard.src.rpm
  -  libxml-1.8.9-5_StackGuard.src.rpm
  -  linuxconf-1.19r2-4_StackGuard.src.rpm
  -  lslk-1.25-4_StackGuard.src.rpm
  -  lsof-4.47-5_StackGuard.src.rpm
  -  ltrace-0.3.10-5_StackGuard.src.rpm
  -  lynx-2.8.4-3_StackGuard.src.rpm
  -  mars-nwe-0.99pl19-11_StackGuard.src.rpm
  -  mawk-1.3.3-5_StackGuard.src.rpm
  -  mikmod-3.1.6-9_StackGuard.src.rpm
  -  mpage-2.5.1-2_StackGuard.src.rpm
  -  mtools-3.9.7-3_StackGuard.src.rpm
  -  ncpfs-
  -  openssh-2.1.1p4-1_StackGuard.src.rpm
  -  pam-0.72-26_StackGuard.src.rpm
  -  pam_krb5-1-19_StackGuard.src.rpm
  -  pax-1.5-2_StackGuard.src.rpm
  -  perl-DBD-msql-mysql-1.2214-1_StackGuard.src.rpm
  -  pilot-link-0.9.3-10_StackGuard.src.rpm
  -  pine-4.21-23_StackGuard.src.rpm
  -  pmake-2.1.34-6_StackGuard.src.rpm
  -  postgresql-7.0.2-17_StackGuard.src.rpm
  -  psacct-6.3.2-4_StackGuard.src.rpm
  -  pspell-0.11.2-1_StackGuard.src.rpm
  -  pxe-0.1-20_StackGuard.src.rpm
  -  quota-2.00pre3-7_StackGuard.src.rpm
  -  rcs-5.7-13_StackGuard.src.rpm
  -  routed-0.17-5_StackGuard.src.rpm
  -  sendmail-8.11.0-8_StackGuard.src.rpm
  -  stunnel-3.8-4_StackGuard.src.rpm
  -  sysklogd-1.3.33-6_StackGuard.src.rpm
  -  tcp_wrappers-7.6-15_StackGuard.src.rpm
  -  telnet-0.17-7_StackGuard.src.rpm
  -  tetex-1.0.7-7_StackGuard.src.rpm
  -  texinfo-4.0-15_StackGuard.src.rpm
  -  tin-1.4.4-2_StackGuard.src.rpm
  -  ucd-snmp-4.1.2-8_StackGuard.src.rpm
  -  util-linux-2.10m-12_StackGuard.src.rpm
  -  uucp-1.06.1-25_StackGuard.src.rpm
  -  wu-ftpd-2.6.1-6_StackGuard.src.rpm
  -  xcdroast-0.98-1_StackGuard.src.rpm
  -  xfig-3.2.3c-3_StackGuard.src.rpm
  -  xlockmore-4.16.1-7_StackGuard.src.rpm
  -  xosview-1.7.1-8_StackGuard.src.rpm

Packages that were modified in some way from the original RedHat Linux packages to add "Immunix" branding:
  -  XFree86-4.0.1-1_StackGuard_Immunix_1.src.rpm
  -  apache-1.3.14-3_StackGuard_Immunix_2.src.rpm
  -  indexhtml-7.0-2_Immunix_1.src.rpm
  -  initscripts-5.49-1_StackGuard_Immunix_3.src.rpm
  -  lilo-21.4.4-10_StackGuard_Immunix_1.src.rpm
  -  rp-pppoe-2.2-4_StackGuard_Immunix_1.src.rpm
  -  xinitrc-2.9.10-1_Immunix_1.src.rpm

Packages that will not build in the StackGuard environment:


The only package that wouldn't build with terminator canaries was the huge wonder called GLIBC, which just can't stand for the __canary_death_handler() procedure to call things before its gotten around to bootstrapping the definitions of those things -- like syslog calls.

The solution was to create a variant of the StackGuard just for it, called "lite", which doesn't provide a __canary_death_handler. Some effort was required to get GLIBC to define its own version of this procedure, which among other things, required the symbol to be declared with a "weak" attribute, since its single declaration was used more than once. Its not clear the gcc supplied one in libgcc2.a is in PIC either. Its might be possible to go back and fix the gcc supplied version so that it was PIC and weak, which might fix the GLIBC build.

Комплект 2 CD

CD1 - Install CD
CD2 - Packages CD