Securely handling libffi
by Sven Vermeulen, post on Sun 28 April 2013I've recently came across libffi again.
No, not because it was mentioned during the Gentoo
Hardened online meeting, but
because my /var/tmp wasn't mounted correctly, and emerge (actually
python) uses libffi. Most users won't notice this, because libffi works
behind the scenes. But when it fails, it fails bad …
Using strace to troubleshoot SELinux problems
by Sven Vermeulen, post on Wed 24 April 2013When SELinux is playing tricks on you, you can just "allow" whatever it wants to do, but that is not always an option: sometimes, there is no denial in sight because the problem lays within SELinux-aware applications (applications that might change their behavior based on what the policy sais or …