> Thanks in advance,
>
> --
> Jason K Larson
>
> --
> gentoo-hardened@gentoo.org mailing list
--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-30-5962-962
Attila Toth MD, Radiology Radiologist in Training, +36-30-5962-962
--
gentoo-hardened@gentoo.org mailing list
Ned Ludd said:
> On Sun, 2005-05-29 at 15:02 +0200, Tóth Attila wrote:
>
>> Beside modifying profile symlink you shouldn't need "pic" and "pie"
>> flags in your make.conf any more.
>
> You need USE=pic if you're going to use the hardened toolchain o
o Hardened, you can't stop it.
--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-30-5962-962
Attila Toth MD, Radiology Radiologist in Training, +36-30-5962-962
nreliable" most apps now seem to go directly to
>> /dev/urandom
>> which is similar, but doesn't block once the entropy pool is empty
>> (simply
>> the quality of random numbers declines) - however, it's reverting to a
>> pseudo
>> random number algorithm
>
> Right, he simply turned /dev/random into /dev/urandom.
> I was under the impression the entropy key was simply a fancy PRNG. Now
> that I know it offers
> true randomness, I'm more impressed. Also curious exactly what it uses as
> a source.
http://www.entropykey.co.uk/tech/
Be aware of a 2.6.31 USB serial driver bug - already fixed.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
Thanks for all the dedicated developers working on the hardened project.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Tue, April 20, 2010 02:00, Anthony G Basile wrote:
> On Tue, 2010-04-20 at 01:35 +0
or:
http://lmgtfy.com/?q=hardened-sources-2.6.33
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Sat, May 15, 2010 at 11:37, Constantine Kardaris wrote:
> add "anarchy" o
and-kernel combo. The only application where it was disturbing for me
is OpenOffice, where the audience should wait more while changing slides.
So I don't use it for presentations. Otherwise I opt for security over
speed - where I can make a choice.
Regards:
Dw.
--
dr Tóth Attila, Radiológus,
Interesting: it went unnoticed on my part!
However /proc/sys/kernel/modules_disabled is still there. That's why my
init script hadn't complained.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
2
the program after that.
I wonder if PaXTeam could comment on these...
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
Thanks for posting the log on the list.
Is there a way to know when the next meeting will take place?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Sat, August 21, 2010 at 15:45, Magnus Granberg
I do not really see gcc-4.4.4-r2. I'm only aware of gcc-4.4.4-r1. I'm using
anarchy's repo because of the kernel and I'm also watching
hardened-development, which seems to be empty for a while now. Am I
missing a repo?
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
You'll have to make a compromise. I run hardened gentoo on my laptop.
Everyday use requires loosening the security settings here-and-there.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Fri, September 17, 2010
Thanks for the feedback about the sources.
What about the toolchain? What are the gcc, binutils and glibc versions
supported? What versions of the toolchain components are advised for the brave
folk?
Thx:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist
7: Called die
>>
>> Doing `paxctl -m /usr/bin/python2.6` works around this issue.
>>
> Yeah, python 2.6 uses a lot of ugly rwx mappings causing this kind of
> bug.
>
>
For example python-UNO bridge works only after `paxctl -m`ing python...
All runtime interpreters do ugly rwx things...
http://www.youtube.com/watch?v=XHosLhPEN3k
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
It is a good candidate to become a conditional patch for hardened.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Wed, November 3, 2010 at 19:09, Ed W wrote:
> On 28/10/2010 02:14, Pavel Labushev wr
That was a smooth transition. The claimed packages seem to be the same.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
On Sat, November 20, 2010 at 14:54, Anthony G. Basile wrote:
>
> Hi everyone,
>
Looks like I need some lessons again about RTFM.
Additional socket families must be unlocked starting from grsec 2.2.1...
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
s the proper rule to solve this?
I would rather not grant raw socket access to all daemons of the system...
Why?...
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
wouldn't say heavy IO. The memory is OK,
the harddrive is perfect.
I can dd the whole hdd to my backup booting on a gentoo CD.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sun, December 26, 2010 at 21:06, pagee...@freemail.hu
On Thu, December 30, 2010 at 21:35, pagee...@freemail.hu wrote:
> On 30 Dec 2010 at 20:29, "Tóth Attila" wrote:
>
>> There were two screen shots attached. The older one was outdated related
>> to 2.6.32 kernel.
>>
>> But the other was a recent panic.
No errors were found after 12 hours of memtest.
However some serious crashes still occur.
I attach snippets of kern.log.
Does it still suggest a hardware error?
I have to try out another laptop. That is not convenient...
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD
case of a kernel problem? Are there any useful suggestions
- besides changing architecture (which is not possible at the moment)?
Thanks:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Tue, January 4, 2011 at 17:46, pagee...@freemail.hu wrote
emerging
qt-gui? Is there any memtest equivalent for checking the CPU?
Thx:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Tue, January 4, 2011 at 19:18, pagee...@freemail.hu wrote:
> On 4 Jan 2011 at 19:38, "Tóth Attila" wrot
than the CPU and the memory. I don't have enough time and energy to
replace the motherboard. Somehow I still have to do it. And these symptoms
are rather nasty and rude...
I think it's a hardware error related to the specific system. Sorry for
the noise.
Regards:
Dw.
--
dr Tóth Attila,
to first device entry */
- offset = sizeof(struct irda_device_list) -
- sizeof(struct irda_device_info);
-
/* Copy the list itself - watch for overflow */
if(list.len > 2048)
{
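Review bot: the two removed lines at the top of this hunk delete the only visible assignment to `offset` (`sizeof(struct irda_device_list) - sizeof(struct irda_device_info)`), so any read of `offset` that remains further down would use an unset value. Either drop the declaration and every remaining use in the same change, or keep the assignment; the unchanged `list.len > 2048` check should stay ahead of the copy.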
What are your suggestions?
Thx
was declared here
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, January 13, 2011 at 20:38, "Tóth Attila" wrote:
> Compiling the recent hardened-sources results in the following error
> message, when irda i
re of the problem? Is it an intended
movement to drop __guard? I know, that it's obsolete. I would suggest to
communicate this in an enews or whatever for all hardened users. Or I may
be the only one, who rolls the system without regular world recompiles?
Regards:
Dwokfur
--
dr Tóth Attila,
tila is my firstname. Hungary is big-endian regarding name ordering...
:) Or simply call me Dwokfur.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, February 10, 2011 at 16:27, Anthony G. Basile wrote:
> Hi Toth,
>
> You're ge
I've been running nut & upsd without ipv6 (either in kernel or userland)
for ages on Hardened x86.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, February 21, 2011 at 19:34, sch...@subverted.org wrote:
> On Sat,
eed to disable asm code. We do that most times with
> the
> pic use flag on hardened profile.
>
> /Magnus
I'm still running Hardened on x86. I'm thinking of the optimal time to
switch to amd64. Is it better from the security point of view?
I assume, that it's easier to ma
On Sun, February 27, 2011 at 16:19, Pavel Labushev wrote:
> 27.02.2011 21:53, Anthony G. Basile wrote:
>
>> An example of where it does is an attempt to defeat address space
>> randomization by brute force. 32-bit address space is only 4G which is
>> not impossibly large for success by brute f
On Sun, February 27, 2011 at 17:33, Ed W wrote:
> On 27/02/2011 08:20, klondike wrote:
>> 2011/2/27 Ed W:
>>> On 26/02/2011 18:01, Magnus Granberg wrote:
If you have read the last meeting we will be removing the pic use flag
as
default on in the hardened amd64 profile. We will st
-hardened
gentoo-1.12.14
apache-2.2.16
openssl-1.0.0d
openssh-5.8_p1-r1
I couldn't find any other useful messages in the log.
How should I continue tracking down the problem?
Please help me:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sun, April 17, 2011 at 03:49, Alex Efros wrote:
> Hi!
>
> On Sun, Apr 17, 2011 at 02:17:21AM +0200, "Tóth Attila" wrote:
>> Reverting to the old binary makes the problem go away.
>
> Any chance it's as trivial as somehow modified old binary - like with
On Sun, April 17, 2011 at 13:20, Magnus Granberg wrote:
> Sunday 17 April 2011 12.27.19, Tóth Attila wrote:
>> On Sun, April 17, 2011 at 03:49, Alex Efros wrote:
>> > Hi!
>> >
>> > On Sun, Apr 17, 2011 at 02:17:21AM +0200, "Tóth Attila"
problem or I'm alone?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Thanks for the idea, but
# CONFIG_PARAVIRT_GUEST is not set
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sat, May 7, 2011 at 14:35, Pavel Labushev wrote:
> 07.05.2011 20:34, Pavel Labushev wrote:
>
>> Try to disable CON
question is that which binary
checks dependent services running and what it tries to do?
Anyone have a clue?
Thx:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
interface is in the
correct mode now after reboot. Loading the module now happens before
locking down the system.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
fix the error message
supplied by grsec - apart from the workaround.
Regards,
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
teach the system the suggested alias and how I make a
binary to ask for the proper CAP.
Thanks:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
uld definitely make the grsec messages disappear.
I'll try to figure out what happens regarding reading and writing the bond
mode during boot.
Compiling it in the kernel with modified defaults solves all problems, but
it's not a real solution.
Thanks for your time:
Dw.
--
dr Tóth Attila
On Wed, September 7, 2011 at 20:57, Ed W wrote:
> On 03/09/2011 21:38, "Tóth Attila" wrote:
>>
>>> It turns out that you can compile it static and change mode upon
>>> booting
>>> by echoing values to /sys/class/net/bond0/bonding/mode. I do
learning mode.
But I couldn't figure out what is missing from the policy.
So any of you might know what binary tries to change the ownership of elog
running in the name of which user?
Thanks for any hints:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
What if somebody uses a custom set of config options instead of the gentoo
predefined profiles?
Which kernel option is responsible to enable the new design?
Thanks:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Tue, September 20, 2011 at 14:14
me a day of
useless compiles failing at the end while linking if I would have removed
the old library for the first time.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
it
can be expected.
Any clues on what can be a problem and to where I should report it?
Another one:
libreoffice 3.4.4.2-r1 wouldn't start with -jemalloc. It tries RWX mapping
immediately upon start, which it didn't want to do previously. The USE
flag has been recently introduce
Cannot start Firefox as well. Libreoffice either.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, December 9, 2011 at 14:17, Kevin Chadwick wrote:
> Has anyone tried Opera 11.60 with a grsecurity patched kernel.
>
> 11.52 worked
install phase while xpcshell command tops
CPU usage for hours. Shutting down the process makes the ebuild die.
Issuing the command again on the compiled sources triggers the same error.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Thanks for the info.
I'm screaming into my pillow.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, December 30, 2011 at 22:12, Wirt Wolff wrote:
> Excerpts from Sven Vermeulen's message of Fri Dec 30 05:28:01 -0700 2011:
>
urity.
Nowadays I would rather run libreoffice and firefox in a jail. But I have
no time to set up an environment and grsec policy for it.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sat, December 31, 2011 at 13:05, pagee...@freemail.hu wrote:
tter! :-)
Happy New year:
Dw. (Central European Timezone)
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sun, January 1, 2012 at 01:39, 7v5w7go9ub0o wrote:
> On 12/31/11 08:43, "Tóth Attila" wrote:
>> Isn't it miserable
-2.14.1.so
* Generated new 2_ldpath.rr
* Checking dynamic linking consistency
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Thanks mike!
It's definitely a sed bug, which needs new glibc and certain locales
(hu_HU.UTF-8 in my case) to get triggered. Nasty.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, January 6, 2012 at 00:53, Mike Frysinger wrote:
no-multilib?
Thank you for sharing your opinion:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Please take a look at this exploit:
http://blog.zx2c4.com/749
It is interesting to think about /proc/pid/mem protection and about
building su with PIE enabled...
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Tue, January 24, 2012 at 02:35, Francesco R.(vivo) wrote:
> On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
>> Please take a look at this exploit:
>> http://blog.zx2c4.com/749
>> It is interesting to think about /proc/pid/mem protection and about
>> b
in grsec ;).
My only concern against bruteforce protection is the possibility of a DoS.
But it's always better to get DoSed, than to get bruteforced...
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
r: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 9
Size of section headers: 40 (bytes)
Number of section headers: 25
Section header string table index: 24
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Att
e?
Please let me know where I can ask for proper help. Gentoo install still
talks about net. Is there a document on how to set up bonding with the new
network config syntax?
Ridiculous:
Dwokfur
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
I was lucky to hit this one:
https://bugs.gentoo.org/show_bug.cgi?id=400613
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, January 26, 2012 at 02:15, "Tóth Attila" wrote:
> I'm sorry for being offtopic, but
n't logged the first page of dmesg in
kernel.log.
I don't experience this using hardened-3.1.8.
I don't know if it's a known problem. I'll try hardened-3.2.2 later.
Thanks:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
201
3*512kB
1*1024kB 2*2048kB 282*4096kB = 1166748kB
5258 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap = 0kB
Total swap = 0kB
524112 pages RAM
296802 pages HighMem
12058 pages reserved
3473 pages shared
7713 pages non-shared
But modules are stil
Less and less people use x86 nowadays. On my Pentium M and Athlon MP
system it builds OK.
Please let us know how the build dies.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, February 6, 2012 at 04:28, Joseph C. Lininger wrote:
> Ho
I'll double-check it on my systems.
The relevant snippet of the build log would be nice.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, February 6, 2012 at 07:42, Joseph C. Lininger wrote:
> You're right, less and less peo
There's a snippet in your ebuild:
"append-flags -mno-avx"
What is the problem with avx? Is it an option counteracting with security?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Wed, February 15, 2012 at 18:10
I'm
interested in any security effect of a compiler option (like creating
textrels or so). If it's a security problem, I won't use corei7-avx, but
rather go for simple corei7.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
2012.Feb
Thanks for the link! It's clear now. You need a recent CPU and a recent
gcc to trigger this.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sun, February 19, 2012 at 23:01, Hinnerk van Bruinehsen wrote:
> -BEGIN PGP SIGNED
ange to another user (mail or dovecot). It seems the kernel
incorrectly recognized the change of the UID.
I suspect the problem is related to the security features of the kernel.
But I thought it would be good to inform the list about this.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
C was not enabled, so I
shouldn't have to boot an older kernel.
Which version of gradm ought to be compatible with hardened-sources-3.2.7?
Regards,
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
e the incompatible versions to keep the system
safer.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, March 2, 2012 at 14:32, Anthony G. Basile wrote:
> On 03/01/2012 04:26 PM, "Tóth Attila" wrote:
>> W
yes: what should I do?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, March 29, 2012 at 21:52, PaX Team wrote:
> On 30 Mar 2012 at 20:12, wrote:
>
>> On Thu, 29 Mar 2012, Sven Vermeulen wrote:
>>
>>
fails. The symptoms are present with
or without activated RBAC.
There were no RLIMIT_AS grsec messages or failed shared library loads
using hardened-sources-3.2.9 (grsecurity-2.9-3.2.9-201203022148) or
hardened-sources-3.2.9-r1 (grsecurity-2.9-3.2.9-201203062051).
Should I open a bug report?
--
dr
ir)/libreoffice/program/unopkg.bin
as well?
Should I open a bug for it?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Regarding #394443 you find a fix there. No need for marking on x86.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Wed, May 16, 2012 at 21:35, Maxim Kammerer wrote:
> On Wed, May 16, 2012 at 9:06 PM, RB wrote:
>> I don't l
What's the difference between your kernel config and Liberté Linux
2012.1's kernel config? Because you told it worked for you.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, May 17, 2012 at 00:41, RB wrote:
>
the way /dev gets mounted? I don't have noexec as an
option listed by mount for the udev entry.
In my policy file Xorg is permitted to execute /dev/mem: is that no longer
needed? I use the radeon driver, not the proprietary.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth
On Thu, May 17, 2012 at 17:08, Maxim Kammerer wrote:
> On Thu, May 17, 2012 at 5:40 PM, "Tóth Attila"
> wrote:
>> How would I change the way /dev gets mounted? I don't have noexec as an
>> option listed by mount for the udev entry.
>
> I mount dev
hould pull the brakes, please.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
report it
upstreams?
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
it is non-Gentoo specific. I hope this workflow is also OK for
PaXTeam.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, June 4, 2012 at 20:48, Anthony G. Basile wrote:
> On 06/01/2012 10:10 PM, PaX Team wrote:
>
>>
needs some extra work for Spender and PaxTeam to port Grsecurity
to 3.4.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
or a hardened solution - instead of a binary distro. Thanks for all
effort of the developers.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, June 8, 2012 at 21:40, Kevin Chadwick wrote:
> On Fri, 8 Jun 2012 16:06:37 +0300
>
On Fri, June 8, 2012 at 23:52, "Tóth Attila" wrote:
> I think Hardened Gentoo install is not substantially more complicated to
> install compared to a regular Gentoo install nowadays. It would be the
> recommended first distro for a newbie. If there would be some popular
from the CERT's page:
http://hup.hu/cikkek/20120613/sysret_64_bites_opereracios_rendszer_privilege_escalation_sebezhetoseg_intel_cpu-s_hardveren#comment-1469883
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
55 is more recent. Clearly because of the
additional version digit.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Thanks for the info.
I see new spidermonkey version has the necessary -jit treatment. However
gjs doesn't like it. Now it's getting complicated...
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Thu, June 21, 2012 at 03:30, Magnus Gr
dened-sources-3.5.1-r2.ebuild:
vanilla-3.5.1 + genpatches-3.5-2 + grsecurity-2.9.1-3.5.1-201208132030
They are doing a good job.
So: big thanks.
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, August 17, 2012 at 19:06, Grant wrote:
It's because of the size_overflow plugin.
Take a look at this bug:
https://bugs.gentoo.org/show_bug.cgi?id=430906
It is promised to get fixed soon.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, August 20, 2012 at 17:43
u may still find some denials in your log.
You should accommodate the policy based on the remaining denials.
As the system gets regularly updated some components will behave
differently, so the policy should incorporate these changes from time to
time.
Regards:
Dw.
--
dr Tóth Attila, Radiológus,
mpile
these binaries? Are there any PaX or Grsec kernel options with a potential
influence?
Should I accept, that I cannot compile thunderbird or seamonkey on a 32bit
architecture having 4G of RAM these days?
If anybody has an idea, please don't hesitate.
Regards:
Dwokfur
--
dr Tóth Attila, Rad
I also started to be afraid. I have only 8Gb in my 64bit laptop and I'm
currently replacing the server (not because of the symptoms) to core-i7
with 16Gb of RAM. How long will it be enough if 3.6Gb on a 32bit is already
too small?
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila To
Thx:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Fri, September 7, 2012 at 14:44, PaX Team wrote:
> On 7 Sep 2012 at 14:16, "Tóth Attila" wrote:
>
>> Omitting "-pipe" from CFLAGS didn't help. What e
You may use some dedicated hardware to make your server not the first in
the row to fail in case of an entropy exhaustion attack.
http://www.entropykey.co.uk/
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Wed, September 19, 2012 at 01:27
> [21:36:15] Miklos Suchanek (on https://lwn.net/Articles/439320/)
mentioned that the user.* needed some more thoughts due to "kernel
memory use" but I have no idea what he meant
- Miklos Szeredi wrote the email to Michal Suchanek.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 0
Integrity Measurement Architecture sounds interesting.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Wed, December 19, 2012 at 20:00, 7v5w7go9ub0o wrote:
> Found this interesting:
>
> <http://www.h-online.com/open/features/Kerne
Since most users would start changing
from core2 to corei7* and not from generic_x86. Although it's highly
possible, that I'm reading the results wrong. So please confirm.
Merry Christmas:
Dwokfur
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
Regarding the panic also see:
CONFIG_GRKERNSEC_BRUTE kernel config option.
It tries to counteract brute-forcing probes.
In case of process running as a user it kills, if it's running as root it
makes the system panic.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist
I'm using [20] hardened/linux/amd64/no-multilib.
If it will be discontinued, please let us know about the proper
replacement profile.
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Sun, January 27, 2013 at 15:32, Anthony G. Basil
hardened/linux/amd64/x32/ ?
http://lwn.net/Articles/500482/ says gcc-4.7 is a requirement.
Anybody using hardened x32? How mature is it? Does it cope well with PaX?
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
On Mon, January 28, 2013 at 22:16