The mix of libffi with other changes
by Sven Vermeulen, post on Sun 03 November 2013
I once again came across libffi. Not only does the libffi approach fight with SELinux alone, it also triggers the TPE (Trusted Path Execution) protections in grSecurity. And when I tried to reinstall Portage, Portage seemed to create some sort of runtime environment in a temporary directory as well, and …
Securely handling libffi
by Sven Vermeulen, post on Sun 28 April 2013
I've recently come across libffi again. No, not because it was mentioned during the Gentoo Hardened online meeting, but because my /var/tmp wasn't mounted correctly, and emerge (actually python) uses libffi. Most users won't notice this, because libffi works behind the scenes. But when it fails, it fails badly …