Simplicity is a form of art...

The mix of libffi with other changes
by Sven Vermeulen, post on Sun 03 November 2013

I once again came across libffi. Not only does the libffi approach fight with SELinux alone, it also triggers the TPE (Trusted Path Execution) protections in grSecurity. And when I tried to reinstall Portage, Portage seemed to create some sort of runtime environment in a temporary directory as well, and …

Securely handling libffi
by Sven Vermeulen, post on Sun 28 April 2013

I've recently came across libffi again. No, not because it was mentioned during the Gentoo Hardened online meeting, but because my /var/tmp wasn't mounted correctly, and emerge (actually python) uses libffi. Most users won't notice this, because libffi works behind the scenes. But when it fails, it fails bad …