Security « ewald.tienkamp.nl

Archive for the ‘Security’ Category

Hardened Gentoo, PaX and OpenOffice.org

Saturday, September 4th, 2010

Just a short blog post: after merging OpenOffice.org on a Hardened Gentoo machine today, I was unable to boot OpenOffice.org Writer (or any of the other OOo programs). While the solution isn’t all that pretty, it is rather simple.

The problem has to do with OpenOffice.org throwing out the following error when trying to boot in Hardened Gentoo:

terminate called after throwing an instance of ‘std::bad_alloc’
what(): std::bad_alloc

Turns out this has to do with the way OpenOffice.org tries to work against the mprotect restrictions. You can lift those restrictions by using paxctl (emerge -av paxctl) in the following way:

# check for current PaX settings: paxctl -v /usr/lib/openoffice/program/soffice.bin # disable mprotect: paxctl -m /usr/lib/openoffice/program/soffice.bin

Now OOo should finally launch. This enables you to write a polite letter to the OOo team asking them to allow us to run OOo with mprotect.

Tags: Gentoo Linux, grsecurity, Hardened Gentoo, OpenOffice.org, PaX, paxctl
Posted in Desktop, Gentoo Linux, Security | No Comments »

Signing PGP/GnuPG keys using caff and sSMTP

Wednesday, February 10th, 2010

After attending the keysigning party at FOSDEM 2010, I came home with a large list of PGP/GnuPG keys I needed to sign. At the conference, there was a brief mention of using caff to make this task easier and soon enough, the first emails sent using caff came rolling in. Problem was… I had no experience whatsoever using caff, and the documentation was rather brief. I did manage to figure it all out though.
(more…)

Tags: caff, encryption, FOSDEM, Gentoo Linux, Gmail, GnuPG, gpg, keysigning, PGP, SHA256, signing-party, sSMTP, TLS
Posted in Desktop, Gentoo Linux, Security | No Comments »

Mounting a remote file system over ssh using sshfs and non-standard settings

Tuesday, January 19th, 2010

As usual I had the desire to have a non-common set-up, which was presumably more secure or at the very least more fun to get working. In this case, after rebuilding my server, I wanted to recreate the sshfs setup I had going on in the past, but this time while using a separate IdentityFile, non-common portnumber and incorporated in my /etc/fstab file. Somehow I forgot how I managed to get that working in the past, so for my own sake and the sake of others seeking help with this, I wrote down the steps I took to get this working, below.
(more…)

Tags: /etc/fstab, fuse, Gentoo Linux, IdentityFile, mount, non-standard, passwordless login, port, remote filesystem mounting, ssh, sshfs, uncommon
Posted in Gentoo Linux, Security, Server | No Comments »

Scanning for Conficker using Nmap under Gentoo Linux

Monday, May 18th, 2009

Well, that was what I wanted. I know, Conficker was hot months ago. But hey, I’m not often around Windows machines and I thought that while I was, I might just as well scan my parents’s network.
(more…)

Tags: blog, compile, Conficker, emerge, Gentoo Linux, Google, lua, nmap, package.use, portage, USE flags
Posted in Desktop, Gentoo Linux, Mobile, Security, Server | No Comments »

ewald.tienkamp.nl

Archive for the ‘Security’ Category

Hardened Gentoo, PaX and OpenOffice.org

Signing PGP/GnuPG keys using caff and sSMTP

Scanning for Conficker using Nmap under Gentoo Linux

Pages

Archives

Categories

Recommended software