HardenedBSD July 2021 Status Report
1 view
Skip to first unread message
Shawn Webb
Jul 31, 2021, 10:38:34 AM7/31/21
to HardenedBSD Users
Hey all,
July saw a few changes. I started on some library code (liblattutil)
that our infrastructure monitoring project (hbsdmon) will use. I also
opened some bug reports (listed below) that I'd like help with.
I hardened the kenv facility to make it available to a non-jailed
privileged user only. Loic removed the toor account in 14-CURRENT, so
if you use the toor account (or plan to make use of it), you'll want
to manage that account yourself. Loic added a "download only" option
to hbsd-update in 14-CURRENT (soon to be MFC'd back to 13-STABLE and
12-STABLE). Loic also disabled core dumps by default on 14-CURRENT.
Those who want to re-enable core dumps can set the `kern.coredump`
sysctl node to `1`.
Issues we need help with (I've added a few from other months):
1. Identify ports broken due to our use of llvm-ar, llvm-nm, and
llvm-objdump:
https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/12
2. hbsd-update -r /path/to/empty/directory failes:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/55
3. Resolve cfi-icall violations:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/48
4. Add module to monitor swap usage:
https://git.hardenedbsd.org/hardenedbsd/hbsdmon/-/issues/5
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
July saw a few changes. I started on some library code (liblattutil)
that our infrastructure monitoring project (hbsdmon) will use. I also
opened some bug reports (listed below) that I'd like help with.
I hardened the kenv facility to make it available to a non-jailed
privileged user only. Loic removed the toor account in 14-CURRENT, so
if you use the toor account (or plan to make use of it), you'll want
to manage that account yourself. Loic added a "download only" option
to hbsd-update in 14-CURRENT (soon to be MFC'd back to 13-STABLE and
12-STABLE). Loic also disabled core dumps by default on 14-CURRENT.
Those who want to re-enable core dumps can set the `kern.coredump`
sysctl node to `1`.
Issues we need help with (I've added a few from other months):
1. Identify ports broken due to our use of llvm-ar, llvm-nm, and
llvm-objdump:
https://git.hardenedbsd.org/hardenedbsd/ports/-/issues/12
2. hbsd-update -r /path/to/empty/directory failes:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/55
3. Resolve cfi-icall violations:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/48
4. Add module to monitor swap usage:
https://git.hardenedbsd.org/hardenedbsd/hbsdmon/-/issues/5
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages