Simplicity is a form of art...

November online hardened meeting
by Sven Vermeulen, post on Wed 11 December 2013

Later than usual, as I wasn't able to make the meeting myself (thus had to wait for the meeting logs in order to draft up this summary), so here it is. The next meeting is scheduled for next week, btw ;-)

Toolchain

The 4.8.2 ebuild for GCC is available …

The mix of libffi with other changes
by Sven Vermeulen, post on Sun 03 November 2013

I once again came across libffi. Not only does the libffi approach fight with SELinux alone, it also triggers the TPE (Trusted Path Execution) protections in grSecurity. And when I tried to reinstall Portage, Portage seemed to create some sort of runtime environment in a temporary directory as well, and …

Gentoo Hardened meeting 201310
by Sven Vermeulen, post on Thu 24 October 2013

We gathered online again to talk about the progress, changes and other stuff related to the Gentoo Hardened project.

New Developer

We welcomed Zero_Chaos as a new addition to our team. Big welcome, with the usual IRC kick in between, ensued.

Toolchain

GCC 4.8.x is unmasked and …

Aaaand we're back - hardened monthly meeting
by Sven Vermeulen, post on Thu 26 September 2013

It almost feels like we had our monthly online meeting just a week ago. Below is a small write-up of the highlights. If you want to know the gory details, just wait a few hours/days until the IRC logs are sent out ;-) Now remember, the project does more than what …

Gentoo Hardened progress report
by Sven Vermeulen, post on Thu 29 August 2013

Today, we had our monthly online meeting to discuss the progress amongst the various Gentoo Hardened projects. As usual, here is a small write-up.

Lead election

As every year, we also reviewed the current project leads. No surprises here, everybody is happy with the current leads so they are re-elected …

And now, 31 days later...
by Sven Vermeulen, post on Thu 01 August 2013

... the Gentoo Hardened team had its monthly online meeting again ;-)

On the agenda were the usual suspects, such as the toolchain. In this category, Zorry mentioned that he has a fix for GCC 4.8.1 for the hardenedno* and vanilla gcc-config options which will be added to the tree …

Rebuilding SELinux contexts with sefcontext_compile
by Sven Vermeulen, post on Mon 08 July 2013

A recent update of libpcre caused the binary precompiled regular expression files of SELinux to become outdated (and even blatantly wrong). The details are in bug 471718 but that doesn't help the users that are already facing the problem, nor have we found a good place to put the fix …

Hardening is our business... new monthly report ;-)
by Sven Vermeulen, post on Thu 27 June 2013

We're back with another report on the Gentoo Hardened project. Please excuse my brevity, as you've noticed I'm not that active (yet) due to work on an external project - I'll be back mid-July though. I promise.

On the Toolchain side, GCC 4.8.1 is in the tree and has …

Gentoo Hardened spring notes
by Sven Vermeulen, post on Thu 16 May 2013

We got back together on the #gentoo-hardened chat channel to discuss the progress of Gentoo Hardened, so it's time for another write-up of what was said.

Toolchain

GCC 4.8.1 will be out soon, although nothing major has occurred with it since the last meeting. There is a plugin …

Highlevel assessment of Cdorked and Gentoo Hardened/SELinux
by Sven Vermeulen, post on Tue 14 May 2013

With all the reports surrounding Cdorked, I took a look at whether SELinux and/or other Gentoo Hardened technologies could reduce the likelihood that this infection occurs on your system.

First of all, we don't know yet how the malware gets installed on the server. We do know that the …