The mix of libffi with other changes
by Sven Vermeulen, post on Sun 03 November 2013
I once again came across libffi. Not only does the libffi approach fight with SELinux alone, it also triggers the TPE (Trusted Path Execution) protections in grSecurity. And when I tried to reinstall Portage, Portage seemed to create some sort of runtime environment in a temporary directory as well, and …
Gentoo Hardened meeting 201310
by Sven Vermeulen, post on Thu 24 October 2013
We gathered online again to talk about the progress, changes and other stuff related to the Gentoo Hardened project.
New Developer
We welcomed Zero_Chaos as a new addition to our team. Big welcome, with the usual IRC kick in between, ensued.
Toolchain
GCC 4.8.x is unmasked and ready …
In-browser encryption for online password management
by Sven Vermeulen, post on Sun 20 October 2013
Lately I've been trying to find a good free software project that uses PHP or cgi-bin (one of the requirements for this particular organization) that allows its users to store passwords centrally, but uses encryption on the browser level before the passwords are sent to the central server. I've found …
A bug please...
by Sven Vermeulen, post on Mon 30 September 2013
I know contacting me (or other developers) through IRC is often fast, but having a bug report on our bugzilla is very important to me and other developers. Allow me to explain a bit why.
First of all, IRC is ephemeral. If we are not immediately on IRC noticing it …
It has finally arrived: SELinux System Administration
by Sven Vermeulen, post on Fri 27 September 2013
Almost everyone has it - either physical or in their heads: a list of things you want to do or achieve before you... well, stop existing. Mine still has numerous things on it (I should get on it, I know) but one of the items on that list has recently been …
Aaaand we're back - hardened monthly meeting
by Sven Vermeulen, post on Thu 26 September 2013
It almost feels like we had our monthly online meeting just a week ago. Below a small write-up of the highlights. If you want to know the gory details, just wait a few hours/days until the IRC logs are sent out ;-) Now remember, the project does more than what …
Underestimated or underused: Portage (e)logging
by Sven Vermeulen, post on Wed 25 September 2013
Within 30 minutes of each other, two people on the #gentoo channel asked if Portage kept logs of the messages displayed during the build and installation of a package. Of course, the answer is a resounding "yes" - and depending on your needs, you can even save more of the logging …
Creating a poor man central SCAP system
by Sven Vermeulen, post on Tue 24 September 2013
A few weeks ago, I was asked to give some explanation about how SCAP content can be used in companies to improve their infrastructure knowledge. The focus back then was to look at benchmarks (secure states) and violations, but other functionality should not be ignored. I'm not going to talk …
Switching gpg key to 0x2EDD52403B68AF47
by Sven Vermeulen, post on Thu 19 September 2013
I recently switched my GnuPG key. The previous key - which is still in place for now (no revocation sent out yet) - was 0x5DFAB3ECCDBA2FDB and was a 1024 bit DSA key. The new one, 0x2EDD52403B68AF47, is a 4096 bit RSA key. It also has the following preferences:
gpg> showpref
[ultimate] (1 …
cvechecker 3.3 released
by Sven Vermeulen, post on Mon 16 September 2013
I just uploaded a new release of cvechecker to the project files. The release is a (long overdue) bugfix release, but includes two small enhancements: support standard input for the binary list (so you can pipe the output of one command to cvechecker) and the introduction of the CVECHECKER_CONFFILE variable …