On 13/04/11 12:34, Anthony G. Basile wrote:
On 04/13/2011 01:54 AM, peter harmsen wrote:
Hello,
Hi, I'm sorry for taking so long to answer.
I have installed gentoo with hardened profile and toolset.
I'm willing to help with testing or whatever non dev related stuff.
kind regards,
peter
On 07/06/11 17:08, Michael Orlitzky wrote:
On 06/06/11 17:05, Matthew Thode wrote:
On Mon, 06 Jun 2011 16:38:06 -0400
Michael Orlitzky mich...@orlitzky.com wrote:
On 06/06/2011 03:54 PM, Sven Vermeulen wrote:
The last one now is of 20110602, which is fairly recent.
The autobuilds are
On 15/06/11 19:45, Sven Vermeulen wrote:
Or do we see if we can deviate from upstream here and start our own path (in
my opinion, we can't as long as we do not have a critical developer mass -
in numbers, not in kilogram).
Hey, I'm not that fat :P
On 05/08/11 14:37, Javier Juan Martínez Cabezón wrote:
Don't click on the link, it is a fucking spammer and maybe he could be
trying to exploit navigator vulnerabilities to get remote access.
Please ban the mail sender IP, it is the second time he did this.
Not the same IP but the same From: I'm
On 05/08/11 16:35, Javier Juan Martínez Cabezón wrote:
Maybe they are looking for a titular like this: gentoo hardened freaks
owned by L00$3R :-)
Indeed the account belonged to someone doing a contribution in 2004
that's what worries me the most, there must be many phantom users in
here since
On 05/09/11 01:07, Anthony G. Basile wrote:
I tested but hit a compile time error, but I didn't test very hard. If
you're interested in RSBAC, please test and we'll start to bug report
and send patches upstream to help them out
blueness didn't state out but I will, RSBAC docs may be also
Hi Nico,
First of all don't get me wrong, read this assuming I have a big smile
in my face: I also have been a newbie and over all, it's not every day you
find somebody wanting to give a hand on the project.
First regarding your e-mails, strange as it may seem it would be more
helpful if you could
On 07/11/11 18:45, Javier Juan Martínez Cabezón wrote:
At least now (AFAIK) with KMS ioperm/iopl is not required, only
proprietary drivers need them (and having them running is per se a
security bug).
I think this doesn't hold for radeon based on my empirical experience
should try again
On 18/11/11 03:18, Stan Sander wrote:
I did a sync and a world update earlier today and among the updates was
the 3.0.9 hardened sources. I built the new kernel with the same
settings as the previous one (3.0.8-hardened), using make oldconfig
however when I try to boot the 3.0.9 kernel
On 18/11/11 05:02, Stan Sander wrote:
I actually have the grsecurity turned off in the kernel right now,
though PAX is enabled. I'm still trying to transition to running
SELinux, then I'll turn on the grsecurity stuff. I have gradm because I
intend to eventually use it and I re-emerged it
On 07/01/12 22:08, Anthony G. Basile wrote:
Hi everyone,
A long time ago, Gentoo used to provide RSBAC sources. For those of you
unfamiliar with RSBAC = rules set based access control, it provides
hardening similar to grsec. See their web page at:
https://www.rsbac.org
These
On 24/01/12 12:52, Kevin Chadwick wrote:
On Tue, 24 Jan 2012 09:33:36 +0100
Tóth Attila wrote:
My only concern against bruteforce protection is the possibility of a DoS.
But it's always better to get DoSed, than to get bruteforced...
Is ptrace disabled on hardened gentoo too?
No, but it
On 27/01/12 22:20, Alex Efros wrote:
Hi!
On Fri, Jan 27, 2012 at 03:14:12PM -0600, Matthew Thode wrote:
You should be using the virt profile.
Why? As far as I understand, virt profile is for guest OS, not host OS.
Virt profile is for both of them, that's why it is called virt. Anyway
and
On 06/02/12 08:59, Joseph C. Lininger wrote:
/var/tmp/portage/sys-devel/gcc-4.5.3-r1/work/gcc-4.5.3/gcc/config/i386/i386.md:
In function 'internal_dfa_insn_code':
/var/tmp/portage/sys-devel/gcc-4.5.3-r1/work/gcc-4.5.3/gcc/config/i386/i386.md:360:1:
internal compiler error: Bus error
Hi,
Hi guys,
I suppose some of you may know but a new developer has joined our ranks.
His name is Daniel though all of you that usually roam the
#gentoo-hardened channel may know him as lejonet.
I'd appreciate if you guys give him a warm welcome, you know filling his
address with bugs with requests
On 21/04/12 16:55, Vinícius Ferrão wrote:
Anthony,
All my hardened boxes have Unicode enabled by hand. Everything is fine. I
can't understand why it is disabled too.
Same here blueness, for me it can go and nobody will notice :D
floor
Also, attached to the e-mail you will find an event invitation may you
want to add the meeting time to your calendar so you don't forget about it.
We look forward to seeing you in the meeting.
Best regards,
Francisco Blas Izquierdo Riera (klondike)
Gentoo Hardened Project Staffer
On 08/06/12 09:44, Grant wrote:
I started a discussion on gentoo-user about the fact that the hardened
profile appears to only be for servers and not desktops. I thought
I'd check with you guys on this. Is that the case?
I have been using Gentoo on Desktop systems for some time, mainly
On 26/06/12 07:43, Michael Orlitzky wrote:
It's easy enough to set USE=-ipv6 manually of course, but the same
argument works for USE=ipv6. So, I think the default should be what
most people want; i.e. what the fewest people will have to override. Do
most hardened machines use ipv6?
These
On 26/06/12 08:26, Jonny Kent wrote:
On Jun 25, 2012, at 10:43 PM, Michael Orlitzky mich...@orlitzky.com wrote:
On 06/25/12 23:03, Alex Efros wrote:
Correct me if I'm wrong, but enabling IPv6 mean needs in supporting two
different routing tables and two different firewalls. Also, I
On 26/06/12 09:38, Darknight wrote:
Enable ipv6 use flag and disable ipv6 in /etc/sysctl.conf?
- no scary (j/k) ipv6 enabled by default
- ipv6 enabled in a matter of seconds without need for an internet
connection
The news item and a word about the sysctl thing in the docs would be
good.
On 27/06/12 09:19, Alex Efros wrote:
Safe, but don't working. Do you enable ipv6 USE flag just to force people
to either disable unintentionally enabled IPv6 in kernel and/or add this
ip6tables configuration?
No, we do it because otherwise the stage3 is unusable on ipv6 only
environments and
On 17/08/12 19:06, Grant wrote:
Interesting, I would have thought Gentoo would keep hardened-sources
in sync with upstream's recommendation/support.
There are a few reasons for that not being the case but of them I'd go
for the fact that in order to get stabilized a package must have been
on
On 22/08/12 20:19, Sven Vermeulen wrote:
On Tue, Aug 21, 2012 at 03:06:38AM +0200, Francisco Blas Izquierdo Riera
(klondike) wrote:
Hi
Time for meeting.
Agenda
1.0 Project leads
2.0 Toolchain
3.0 Kernel
4.0 Selinux
5.0 Grsec/PaX
6.0 Profile
7.0 System integrity
8.0 Doc
9.0 Media
Hi folks!
As you may know last year we gave a talk at FOSDEM about the security
features of our project, which you can check at
http://video.fosdem.org/2012/crossdistro/Introduction_to_hardening,_the_Gentoo_Hardened_approach.webm
In general FOSDEM requires us to speak about development related
On 21/12/12 22:05, Grant wrote:
It turns out the extra choices are due to this patch:
https://github.com/init6/init_6/blob/master/sys-kernel/geek-sources/files/3.7.1/fix/kernel-37-gcc47-1.patch
I'm sorry to have bothered the hardened list with this. - Grant
Actually looks like a quite
On 28/01/13 22:59, Tóth Attila wrote:
hardened/linux/amd64/x32/ ?
http://lwn.net/Articles/500482/ says gcc-4.7 is a requirement.
Anybody using hardened x32? How mature is it? Does it cope well with PaX?
Just don't, IIRC 4.7.1 is still not supported.
On 23/08/13 22:05, Matthew Thode wrote:
On 08/23/2013 12:57 PM, Sven Vermeulen wrote:
Hi guys
The Gentoo Wiki is almost ready to host project pages. All documents on our
location are ready (converted in my home space into wiki format) and should
be easy to transfer within a few hours to
On 28/08/13 20:44, klondike wrote:
For those of you who prefer google calendar stuff:
https://www.google.com/calendar/event?action=TEMPLATEtmeid=NTdjaHZoZTc3NWJ2dnBmNmY2aDg5MmY3cjAgZnJhbnhpc2NvMTk4OEBttmsrc=franxisco1988%40gmail.com
Attached is also a standard ical invitation.
Idiot me set
On 02/09/15 at 18:13, Anthony G. Basile wrote:
> Hi everyone,
>
> So by now most people have heard the news that the Grsecurity/PaX team
> are no longer going to be making their stable patches available. The
> reason is that they are in dispute with a certain embedded systems
> vendor and
On 19/02/16 at 21:30, Alexander Tsoy wrote:
> On Fri, 19 Feb 2016 21:19:37 +0100
> Gandalf wrote:
>
>> Doing an update on my server today marked an update of the
>> hardened-sources. However, it was labelled 4.1.7 vs my installed version
>> 4.3.3. What is up? Is it
For those of you wondering about the future of hardened-sources. They
will be removed in a bit more than a month.
Input regarding the news item is more than welcome.
Title: sys-kernel/hardened-sources removal
Author: Francisco Blas Izquierdo Riera (klondike) <klond...@gentoo.org>
Posted: 2
On 15/08/17 at 17:01, Francisco Blas Izquierdo Riera (klondike) wrote:
> Hi!
>
> I'd like to get this one up by Saturday so that we can proceed with
> masking and removing of the hardened-sources after upstream stopped
> releasing new patches.
>
> This is my first time
On 16/08/17 at 09:40, Marek Szuba wrote:
> Two tiny bits of formal nitpicking from my side:
> - it's "grsecurity" (not a typo, they do use a lowercase g except when
> the name appears at the beginning of a sentence), not "grsec";
> - the patches were not *distributed by* grsecurity, they
On 16/08/17 at 15:36, Robert Sharp wrote:
> On 16/08/17 11:09, Francisco Blas Izquierdo Riera (klondike) wrote:
>> On 16/08/17 at 09:40, Marek Szuba wrote:
>>> Two tiny bits of formal nitpicking from my side:
>>> - it's "grsecurity" (not a typo,
to gentoo-hardened which is the project's
mailing list.
On 18/08/17 at 02:59, R0b0t1 wrote:
> On Tue, Aug 15, 2017 at 3:03 PM, Francisco Blas Izquierdo Riera
> (klondike) <klond...@gentoo.org> wrote:
>> On 15/08/17 at 17:50, R0b0t1 wrote:
>>> Where was this d
On 21/06/17 at 01:02, "Tóth Attila" wrote:
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
> The advisory suggests:
> 1. Increase the size of the stack guard-page to at least 1MB
> - I skip this point
> 2. Recompile all userland code with GCC's "-fstack-check" option
> - I
Executive summary
With Gentoo Hardened no ebuilds compiled with a hardened toolchain with
version 4.8 or higher should be affected by this issue as
-fstack-check=specific is enabled by default. The only known exceptions
are media-video/vlc and (on HPPA) dev-lang/tcl which disable this feature.
On 23/06/17 at 18:28, Anthony G. Basile wrote:
> Hi everyone,
>
> Since late April, grsecurity upstream has stopped making their patches
> available publicly. Without going into details, the reason for their
> decision revolves around disputes about how their patches were being
> (ab)used.
>
>