2024-07-01 08:33:31 <ikke> https://www.openssh.com/txt/release-9.8
2024-07-01 08:33:58 <ikke> A critical race condition in sahd
2024-07-01 08:34:01 <ikke> sshd
2024-07-01 08:43:34 <ikke> 32-bits systems are mostly affected 
2024-07-01 15:35:29 <ikke> "OpenSSH sshd on musl-based systems is not vulnerable to RCE via CVE-2024-6387 (regreSSHion)." https://fosstodon.org/@musl/112711796005712271
2024-07-01 17:50:36 <omni> calming
2024-07-01 18:27:15 <jvoisin> https://dustri.org/b/notes-on-regresshion-on-musl.html
2024-07-01 22:52:08 <jalberti> Hello! Do we already have a response for https://www.cve.org/CVERecord?id=CVE-2024-6387?
2024-07-01 22:53:12 <jalberti> See also https://www.openssh.com/txt/release-9.8
2024-07-09 18:11:21 <Ariadne> going to try to get openpax kernels in testing by end of week
2024-07-09 18:11:36 <ikke> I saw your posts about them
2024-07-09 18:11:51 <ikke> about it*
2024-07-09 18:34:36 <ptrc> what even is openpax?
2024-07-09 18:34:42 <ptrc> can't find anything about it
2024-07-09 18:43:59 <ikke> Pax is part of grsec
2024-07-09 18:55:02 <ptrc> ah! and i assume openpax would be some modern continuation of pax?
2024-07-09 18:56:21 <ikke> https://social.treehouse.systems/@ariadne/112748032621046269
2024-07-09 18:57:10 <ikke> It's about marking pages as W^X
2024-07-09 18:57:39 <Ariadne> there's some other features i intend to reimplement
2024-07-10 14:50:51 <jvoisin> https://mail-index.netbsd.org/current-users/2024/07/10/msg045472.html Alpine Linux isn't the only one having issues with upgrading sshd :D
2024-07-10 16:56:41 <ncopa> jvoisin: hey! thank you for helping investigate the fortify-header problem
2024-07-10 16:57:01 <ncopa> I wonder if it may even be a compiler bug?
2024-07-10 22:05:40 <jvoisin> ncopa: I do hope it's not :/
2024-07-10 22:05:45 <jvoisin> I'll try to take a better look tomorrow
2024-07-10 22:06:01 <jvoisin> *closer look
2024-07-10 22:06:34 <jvoisin> I feel bad for taking the project over, and having so many breaking bugs :/
2024-07-11 09:17:38 <ncopa> i dont think you have any reason to feel bad. It is very complex, and we have thousands of packages and users using it
2024-07-11 09:17:56 <ncopa> there are alot of things that can go wrong, and will go wrong
2024-07-11 10:00:08 <sam_> absolutely
2024-07-11 10:52:49 <ncopa> what I wonder though, is how to catch it in the test cases
2024-07-11 11:14:42 <jvoisin> ncopa: https://github.com/jvoisin/fortify-headers/issues/63
2024-07-16 09:18:44 <nmeum> I received yet another email regarding the busybox cves
2024-07-16 09:18:50 <nmeum> is there any resource that I can point these people to?
2024-07-16 09:19:09 <nmeum> it is yet another of these "security scanner complain about busybox cves" mails
2024-07-16 11:37:50 <ncopa> maybe this? https://security.alpinelinux.org/srcpkg/busybox
2024-07-17 16:57:58 <ikke> Python infrastructure token leaked through docker hub: https://www.openwall.com/lists/oss-security/2024/07/17/5
2024-07-18 15:44:39 <jvoisin> https://libcxx.llvm.org/Hardening.html this is a mess :/
2024-07-18 15:56:21 <ikke> I'll raise you https://arstechnica.com/security/2024/07/code-sneaked-into-fake-aws-downloaded-hundreds-of-times-backdoored-dev-devices/
2024-07-18 19:25:18 <sam_> jvoisin: yep :(
2024-07-26 16:32:02 <Guest1322> hi
2024-07-26 16:34:32 <Guest1322> i have few question about security on alpine please 
2024-07-26 16:37:03 <Guest1322> if i use alpine as server, it is a necessity to compile my own kernel with grsecurity and a hardened profile ?  
2024-07-26 16:37:28 <ikke> Guest1322: If you have a bit of patience, someone is working on returning pax back to Alpine LInux through openpax
2024-07-26 16:37:50 <Guest1322> very good things 
2024-07-26 16:38:14 <Guest1322> yes i have a bit of patience 
2024-07-26 16:38:25 <Guest1322> who work on this ? 
2024-07-26 16:38:31 <ikke> Ariadne
2024-07-26 16:39:17 <ikke> There is already linux-openpax in edge/testing
2024-07-26 16:39:21 <ikke> So you can already try i
2024-07-26 16:39:23 <ikke> it
2024-07-26 16:39:37 <Guest1322> good 
2024-07-26 16:39:51 <Guest1322> thx for the information 
2024-07-26 17:15:05 <ikke> https://social.treehouse.systems/@ariadne/112837702537426158
2024-07-26 17:55:14 <Guest1322> how many times to develop openpax, it's difficult ? 
2024-07-26 18:01:18 <ikke> I have no idea
2024-07-26 18:02:44 <Guest1322> it's a work for an engineer not for a hobbyst 
2024-07-26 18:03:35 <Guest1322> you are all here engineer or professional i think 
2024-07-26 20:20:52 <Foxboron> Ariadne: Is there a reason why you started the openpax fork instead of utilizing linux-hardened?
2024-07-28 05:36:48 <idkrn[m]> <Guest1322> "if i use alpine as server, it is..." <- That is entirely dependant on your threat model. If you're in a position where you can actually get access to grsec, then use it.
2024-07-29 04:25:54 <idkrn[m]> <Foxboron> "Ariadne: Is there a reason why..." <- I'm curious as well
2024-07-30 09:06:32 <omni> found this https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-qt/qtbase/files/qtbase-6.7.2-CVE-2024-39936.patch