Category: Security
Deleted Mapped FilesDeleted Mapped Files
On a Linux system if you upgrade a shared object that is in use any programs that have it mapped will list it as “(deleted)” in the /proc/PID/maps file for[...]
Passwords Used by DaemonsPasswords Used by Daemons
There’s a lot of advice about how to create and manage user passwords, and some of it is even good. But there doesn’t seem to be much advice about passwords[...]
BTRFS and SE LinuxBTRFS and SE Linux
I’ve had problems with systems running SE Linux on BTRFS losing the XATTRs used for storing the SE Linux file labels after a power outage. Here is the link to[...]
Compromised Guest AccountCompromised Guest Account
Some of the workstations I run are sometimes used by multiple people. Having multiple people share an account is bad for security so having a guest account for guest access[...]
Running a Tor RelayRunning a Tor Relay
I previously wrote about running my SE Linux Play Machine over Tor [1] which involved configuring ssh to use Tor. Since then I have installed a Tor hidden service for[...]
SE Linux in Debian/StretchSE Linux in Debian/Stretch
Debian/Stretch has been frozen. Before the freeze I got almost all the bugs in policy fixed, both bugs reported in the Debian BTS and bugs that I know about. This[...]
Hostile Web SitesHostile Web Sites
I was asked whether it would be safe to open a link in a spam message with wget. So here are some thoughts about wget security and web browser security[...]
UnikernelsUnikernels
At LCA I attended a talk about Unikernels. Here are the reasons why I think that they are a bad idea: Single Address Space According to the Unikernel Wikipedia page[...]
Compatibility and a Linux Community ServerCompatibility and a Linux Community Server
Compatibility/interoperability is a good thing. It’s generally good for systems on the Internet to be capable of communicating with as many systems as possible. Unfortunately it’s not always possible as[...]