Inheritable file system capabilities

2013-10-10 Thread Florian Weimer
, that is). So making these capabilities non-inheritable makes sense to me. Comments? -- Florian Weimer / Red Hat Product Security Team -- security mailing list security@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/security

Re: btrfs snapshots, rollbacks

2014-02-13 Thread Florian Weimer
folks might already have something. -- Florian Weimer / Red Hat Product Security Team

Re: available crypto policies

2014-03-27 Thread Florian Weimer
are appreciated. Do you expect that the signature algorithm restrictions will apply to the self-signatures as well? -- Florian Weimer / Red Hat Product Security Team

Enable GCC hardening by default

2014-03-31 Thread Florian Weimer
This was briefly discussed over on debian-devel. Would this be something Fedora might want to do, too? Original Message Subject: Re: Bits from the Security Team Resent-Date: Sat, 08 Mar 2014 18:24:06 +0100 Resent-From: Florian Weimer f...@deneb.enyo.de Resent-To: fwei

Re: TCP connections restricted to specific users

2014-04-17 Thread Florian Weimer
On 04/16/2014 11:33 AM, Pavel Kankovsky wrote: Is there some way to pass on user information with IPsec? SELinux can do it with security contexts: http://selinuxproject.org/page/NB_Networking#Labeled_IPSec Ah, okay, this is an option at least. Thanks. -- Florian Weimer / Red Hat Product

Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention openssl genrsa entropy issue (564ffc8)

2014-04-28 Thread Florian Weimer
we cannot update it right now. Eric has the details. -- Florian Weimer / Red Hat Product Security Team

Re: available crypto policies

2014-06-06 Thread Florian Weimer
On 06/05/2014 04:41 PM, Eric H. Christensen wrote: Who still uses 1024-bit keys? You aren't finding a CA to sign them. By default, sshd uses 1024 bits for the protocol 1 ephemeral server key. -- Florian Weimer / Red Hat Product Security Team

Re: [Secure Coding] master: Added RSA key generation procedures (56f3511)

2014-06-09 Thread Florian Weimer
been initialized. I proposed a patch to add a variable under /proc/sys, but that wasn't accepted. There have been some recent discussions on the kernel and systemd side, but no one feels responsible, so there hasn't been any actual progress. -- Florian Weimer / Red Hat Product Security Team

Re: Modularity and needed changes on CVE handling side?

2017-05-26 Thread Florian Weimer
On Fri, May 26, 2017 at 10:25 AM, Stanislav Ochotnicky wrote:
> Hi folks,
>
> this is just to make sure things won't come up as a surprise. I am assuming there are a few things that might need to be tweaked on your end due to incoming Fedora modularity.
>
> I think