HardenedBSD March 2024 Status Report

Shawn Webb

Mar 31, 2024, 1:46:07 PM
to HardenedBSD Users
Hey all,

What a busy month it has been! And not just for HardenedBSD, but for the rest of
the security and IT industries as we work through the xz backdoor
(CVE-2024-3094).

In src, the hbsdcontrol utility, and the library implementing the core logic
(libhbsdcontrol) were rewritten from the ground up. While the implementation is
now feature complete, there is still a bit of work to be done. Chiefly,
rewriting the manual pages. After the documentation is updated, I plan to also
integrate libucl support, to support JSON output and perhaps also support
applying rules specified by a configuration file.

In ports, www/firefox was fixed and the minimum llvm version number was bumped
for devel/boost.

Updates were applied across the entire infrastructure. A new build of hbsdfw (a
HardenedBSD-based fork of OPNsense) was deployed. This build has some issues, so
I would recommend others not to deploy it, though it works fine enough for us to
keep this current build deployed.

Here's what to look for in April:

1. Continued work on {,lib}hbsdcontrol.
2. I'm hoping to study more the dance between the CSU, libc, libthr, and the
RTLD.
3. More work on libhijack, perhaps a new shim library that gets injected to help
aid further process injection work.

And, lastly:

$ fetch -q -o - https://api.github.com/repos/HardenedBSD/HardenedBSD | jq -r .created_at
2014-04-08T10:10:24Z

Happy birthday, HardenedBSD! May the next decade be as impactful as the previous.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc