Simplicity is a form of art...

Looking at the local Linux kernel privilege escalation
by Sven Vermeulen, post on Fri 17 May 2013

There have been a few posts already on the local Linux kernel privilege escalation, which has received the CVE-2013-2094 ID. arstechnica has a write-up with links to good resources on the Internet, but I definitely want to point readers to the explanation that Brad Spengler made on the vulnerability.

In …

Highlevel assessment of Cdorked and Gentoo Hardened/SELinux
by Sven Vermeulen, post on Tue 14 May 2013

With all the reports surrounding Cdorked, I took a look at whether SELinux and/or other Gentoo Hardened technologies could reduce the likelihood that this infection occurs on your system.

First of all, we don't know yet how the malware gets installed on the server. We do know that the …

Overview of Linux capabilities, part 3
by Sven Vermeulen, post on Mon 06 May 2013

In previous posts I talked about capabilities and gave an introduction to how this powerful security feature within Linux can be used (and also exploited). I also covered a few capabilities, so let's wrap this up with the remainder of them.

CAP_AUDIT_CONTROL
Enable and disable kernel auditing; change auditing filter …

Overview of Linux capabilities, part 2
by Sven Vermeulen, post on Sun 05 May 2013

As I've (at a very high level) described capabilities and talked a bit on how to work with them, I started with a small overview of file-related capabilities. So next up are process-related capabilities (note, this isn't conforming terminology, more a categorization that I do myself).

CAP_IPC_LOCK
Allow the …

Overview of Linux capabilities, part 1
by Sven Vermeulen, post on Sat 04 May 2013

In the previous posts, I talked about capabilities and how they can be used to allow processes to run in a privileged fashion without granting them full root access to the system. An example given was how capabilities can be leveraged to run ping without granting it setuid root rights …

Restricting and granting capabilities
by Sven Vermeulen, post on Fri 03 May 2013

As capabilities are a way of running processes with some privileges without needing to grant them root privileges, it is important to understand that they exist, not only if you are a system administrator, but also if you are an auditor or hold another security-related function. Having processes run as a non-root user …

Capabilities, a short intro
by Sven Vermeulen, post on Thu 02 May 2013

Capabilities. You probably have heard of them already, but when you start developing SELinux policies, you'll notice that you come in closer contact with them than before. This is because SELinux, when applications want to do something "root-like", checks the capability of that application. Without SELinux, this either requires the …

Securely handling libffi
by Sven Vermeulen, post on Sun 28 April 2013

I've recently come across libffi again. No, not because it was mentioned during the Gentoo Hardened online meeting, but because my /var/tmp wasn't mounted correctly, and emerge (actually python) uses libffi. Most users won't notice this, because libffi works behind the scenes. But when it fails, it fails badly …

Mitigating DDoS attacks
by Sven Vermeulen, post on Mon 22 April 2013

Lately, DDoS attacks have been in the news more than I was hoping for. It seems that the botnets or other methods that are used to generate high-volume traffic to a legitimate service are becoming easier and easier to get and direct. At the time that I'm writing this …

What could SELinux have done to mitigate the postgresql vulnerability?
by Sven Vermeulen, post on Tue 16 April 2013

Gentoo is one of the various distributions which supports SELinux as a Mandatory Access Control system to, amongst other things, mitigate the results of a successful exploit against software. So what about the recent PostgreSQL vulnerability?

When correctly configured, the PostgreSQL daemon will run in the postgresql_t domain. In SELinux-speak …