Thanks a ton!
On Sun, Dec 7, 2008 at 11:24 AM, Thomas Sachau <[EMAIL PROTECTED]> wrote:
> Matt Poletiek schrieb:
>> I need some advice on this one. Never seen anything like it and am
>> wondering if it's a cause for concern...
>>
>>
>> These are
I need some advice on this one. Never seen anything like it and am
wondering if it's a cause for concern...
These are the packages that would be merged, in order:
Calculating world dependencies -!!! Digest verification failed:
!!! /usr/portage/net-firewall/iptables/iptables-1.4.0-r1.ebuild
!!! R
I am young, I am inexperienced when it comes to OSS development, I
have only minor programming experience, however I am probably one of
the biggest fans of the hardened-gentoo project. I have a good
knowledge base when it comes to security and it would kill me to see
one of the best security projec
This doesn't bypass Trusted Path Execution, does it?
If not, is it safe to say users in that special group can still be trusted?
On Feb 11, 2008 9:19 AM, Michael W Spitzer <[EMAIL PROTECTED]> wrote:
>
> On Feb 11, 2008 10:09 AM, Dominik Paulus <[EMAIL PROTECTED]> wrote:
>
> >
> > Octavio Ruiz wrote:
What about the hardened and pic USE flags in the hardened profile? Are
those still of use?
Also, is there a way to test ssp functionality against return to
function (memcpy and strcpy) ?
On 10/23/07, Ned Ludd <[EMAIL PROTECTED]> wrote:
> On Tue, 2007-10-23 at 16:55 -0600, Matt Polet
TED]> wrote:
> On 23 Oct 2007 at 21:03, Javier Martínez wrote:
>
> > 2007/10/23, Matt Poletiek <[EMAIL PROTECTED]>:
> > > Any idea why when I add -fstack-protector-all and -fstack-protector to
> > > CFLAGS paxtest still compiles with -fno-stack-protector
>
Any idea why when I add -fstack-protector-all and -fstack-protector to
CFLAGS paxtest still compiles with -fno-stack-protector
-fno-stack-protector-all ?
--
Matthew Poletiek
www.chill-fu.net
--
[EMAIL PROTECTED] mailing list
Ok, that clears up some confusion.
So changing the perms of /var/qmail/plugins worked
Now I need to debug my plugin :/
Thanks for the help
On 10/23/07, Adam James <[EMAIL PROTECTED]> wrote:
> On Tue, 23 Oct 2007 01:15:05 -0600
> "Matt Poletiek" <[EMAIL PROTECTED]>
Hey guys, I was attempting to write a plugin for my qmail-spp enabled
netqmail package when I ran into the following issue...
hackdmz control # nc localhost 25
220 hackdmz.net ESMTP
ehlo test
250-hackdmz.net
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN
mail from [EMAIL
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
# CONFIG_PAX_NO_ACL_FLAGS is not set
CONFIG_PAX_HAVE_ACL_FLAGS=y
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is n
AIL PROTECTED]> wrote:
> On 24 Aug 2007 at 1:32, Matt Poletiek wrote:
>
> > So did hardened-gentoo become more strict or did apache become more relaxed?
>
> i think neither, it's probably an issue with the vma mirroring
> code that i rewrote for 2.6.22 (to reduce its pe
${APACHE2}
${APACHE2_OPTS} -t
among all the combinations I tried I could only get apache running
with -PemRXs :/
On 8/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On 24 Aug 2007 at 1:52, Matt Poletiek wrote:
>
> > I don't have strace available at the moment, but I can say that
I don't have strace available at the moment, but I can say that paxctl
-PemRXs /usr/sbin/apache2 did alleviate the problem in the newer
kernel.
On 8/24/07, Matt Poletiek <[EMAIL PROTECTED]> wrote:
> So did hardened-gentoo become more strict or did apache become more relaxed?
>
>
So did hardened-gentoo become more strict or did apache become more relaxed?
On 8/24/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On 23 Aug 2007 at 23:14, Matt Poletiek wrote:
>
> > What I found in the error_log was
> >
> > Syntax error on line 242 of /etc/
ROTECTED]> wrote:
> Le vendredi 24 août 2007, Matt Poletiek a écrit:
> > Hey guys,
>
> Hi,
>
> > Wondering if anyone has any advice on an issue I ran into when I
> > tried to upgrade my kernel from 2.6.21-r1 to 2.6.22-r2.
> >
> > Everything else seemed t
Hey guys,
Wondering if anyone has any advice on an issue I ran into when I tried
to upgrade my kernel from 2.6.21-r1 to 2.6.22-r2.
Everything else seemed to work fine except apache 2.0.58. For some
reason it wouldn't start.
What I found in the error_log was
Syntax error on line 242 of /etc/apach
My guess would be that the man power behind Gentoo/Portage has their
own priorities? In my opinion, developers with security as a top
priority are still fairly obscure.
Can we say demand?
On 6/10/07, Krzysztof Kozłowski <[EMAIL PROTECTED]> wrote:
Marek Wróbel wrote:
> But there are many modules
ut I'm about 99% sure you don't need to recompile your
userland. Since you're using a hardened stage compiler flags should all
be set correctly too, and that's what really matters...
Regards,
Michael
Op zondag 20-05-2007 om 04:32 uur [tijdzone -0600], schreef Matt
Poletiek:
>
I'm guessing this might require a toolchain/userland rebuild if
COMPAT_VDSO is the culprit since a recompile-reboot didn't change the
output of paxtest. Can anyone validate this?
On 5/20/07, Matt Poletiek <[EMAIL PROTECTED]> wrote:
Yup, I sure do have that enabled. I am pretty sure I didn't
5/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On 20 May 2007 at 2:19, Matt Poletiek wrote:
> PaX --->
> Non-executable pages --->
> [*] Enforce non-executable pages
>
> is the only option I see. I hope I'm blind :S
you probably enabled COMPAT_VDSO
PaX --->
Non-executable pages --->
[*] Enforce non-executable pages
is the only option I see. I hope I'm blind :S
On 5/20/07, Andrew Ross <[EMAIL PROTECTED]> wrote:
> Hello all, I just finished installing hardened gentoo on an i686 dual
> p3 system and have some questions. I used the
If I make the change will I have to recompile the toolchain&userland?
Just booting the new kernel didn't fix anything.
On 5/20/07, lnxg33k <[EMAIL PROTECTED]> wrote:
Matt Poletiek wrote:
> What do I lose by disabling it? If I am reading this correctly all the
> grsec featur
What do I lose by disabling it? If I am reading this correctly all the
grsec features will be on by default if sysctl support is disabled?
On 5/19/07, lnxg33k <[EMAIL PROTECTED]> wrote:
Matt Poletiek wrote:
> However, this time (on the dual p3 system) paxtest is still able to d
Hello all, I just finished installing hardened gentoo on an i686 dual
p3 system and have some questions. I used the 2006.1 install CD and
the stage3-hardened-2007.0 tarball. After configuring the kernel and
recompiling the toolchain (binutils, gcc, virtual/libc) I did an
'emerge -e world'. This is
Another voice in agreement with the first.
On 4/16/07, Calum <[EMAIL PROTECTED]> wrote:
I remember the days, when summers were hot, winters were cold, and
notifications about kernel security were made using GLSAs.
Then they stopped without warning, and I posted:
http://archives.gentoo.org/gento
t 5:53, Matt Poletiek wrote:
> I was upgrading my kernel/patching it with grsec the other day when
> all of a sudden I couldn't su as a normal user anymore. I don't know how
> this would apply considering the new kernel wasn't (and still isn't)
> booted yet.
given that the logs come fr
I was upgrading my kernel/patching it with grsec the other day when
all of a sudden I couldn't su as a normal user anymore. I don't know how
this would apply considering the new kernel wasn't (and still isn't)
booted yet.
when attempting to execute 'su' as a normal error I get these grsec logs
grsec
Ahh, that's it. Thanks
On 10/5/06, Brian Davis <[EMAIL PROTECTED]> wrote:
No can do if you have a current glibc (2.4). The hardened profile only
allows for glibc2.3 and gcc3.x. I don't believe there are any time
frames to solve this problem either :(. I'm currently following the 1/3
install guide
Or a reinstall is possible.
http://gentoo-wiki.com/Reinstall_Gentoo_keeping_your_old_configuration
On 10/5/06, Matt Poletiek <[EMAIL PROTECTED]> wrote:
As far as I know a switch is impossible if you are running latest
glibc. Downgrading is not a good idea at all and I don't think portag
As far as I know a switch is impossible if you are running latest
glibc. Downgrading is not a good idea at all and I don't think portage
will let you do it. I heard something about SELinux switching to glibc
2.4 so there should be gcc-4.1-hardened not far off.
On 10/5/06, Darknight <[EMAIL PROTECT
Is blacksun.labs.pulltheplug.org down? or are those documents hosted
somewhere else?
On 4/18/06, Andrew Griffiths <[EMAIL PROTECTED]> wrote:
>
> Hello :)
>
> On Fri, Apr 14, 2006 at 09:37:36AM -0400, solar wrote:
> > I guess I should pass this along to this list.
> >
> > blacksun is a PullThePlug