Hey all,
Happy new year! In December, the focus was on finishing the move to our new
home. Updates were applied across the entire infrastructure.
In src, we reverted commit 8cf35a2cbe0270666845a5f2634cfc50c90696f1, which had
originally set the default umask to 027. This is a bit too strict to work in the
real world as a default for HardenedBSD, so we chose to revert back to 022.
In ports, textproc/jq was updated to 1.7.1. CFI and SafeStack were enabled for
textproc/jq. ports-mgmt/poudriere-hbsd was updated to 3.4.
The secadm project was brought up-to-date to account for recent VFS-related
changes in FreeBSD. The ports entry was updated accordingly.
While not an official HardenedBSD project, libhijack has given inspiration to
new hardening techniques. libhijack is a post-exploitation tool that can be used
to inject arbitrary code and hook dynamically-loaded functions. It's a tool that
I created with origins back to the early 2000's. libhijack can now inject shared
objects over the ptrace boundary anonymously. For those curious, the
project can be found here:
https://github.com/SoldierX/libhijack
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc