Tomorrow I'll be hosting a Linux Security Modules (LSM) BoF at LPC. If you have any LSM questions or a related topic to discuss, please join us!

https://lpc.events/event/18/contributions/1890/

#lpc #linux #lsm

Great write-up by @psychomario on a root privilege escalation toolchain which leverages DBus, CUPS, and WPA on Ubuntu: https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/

Please help us test OpenSSH ahead of the 9.9 release, due in a few weeks.

New features include a new post-quantum key exchange based on ML-KEM, improved controls to disallow unwanted connections and better performance for the existing PQ key exchange.

Full details at: https://marc.info/?l=openssh-unix-dev&m=172638834815257&w=2

Having worked on the kernel for decades, and imposing a lot of the same code/git hygiene for liburing, there can be a disconnect for contributors on what is expected of a commit and commit message, and what series of commits should look like. I attempted to provide a basic guideline here:

https://github.com/axboe/liburing/blob/master/CONTRIBUTING.md

and would appreciate feedback from folks on what I missed, what isn't clear, etc.

Gonna be giving a talk "SLUB Internals for Exploit Developers" at @LinuxSecSummit next week.

Plan to cover the basics one needs to know before writing exploits for slab bugs; slides coming along 😁

Also gonna stay around for @linuxplumbersconf.

https://lsseu2024.sched.com/event/1ebVN

the debugging manifesto poster I've been talking about is finally available for sale! You can get it here for $20 US + shipping: https://store.wizardzines.com/products/poster-debugging-manifesto

it was redesigned and riso printed by Inner Loop Press and I'm SO delighted with how it turned out (https://www.innerloop.press/)

BBC Model Linear B

Just published the #ASG2024 schedule! Lots of good stuff, and at least one terrible talk that nobody should attend.

Early bird tickets are also still available - but not for long - go grab them while they last!

https://all-systems-go.io/

It's been a while since the last one, but here is the fourth #Landlock newsletter: https://lore.kernel.org/landlock/20240716.yui4Iezai8ae@digikod.net/
Moar sandboxing! 🥳

Another relatively small update, but here are the LSM, SELinux, and audit* highlights from the Linux v6.11 merge window.

https://paul-moore.com/blog/d/2024/07/linux_v611_merge_window.html

#lsm #selinux #audit

There are three hard things in computer science: cache invalidation, naming things, and getting your video game character onto a ladder.

Of course, everyone's favourite tool to build secure Linux images with dm-verity, TPM, SecureBoot is mkosi by @daandemeyer and others. It now is learning a new trick: support for AzureLinux (ex CBL Mariner) – in addition to the other 12 supported distributions.

And that's really great, because this means I can finally quickly test the stuff I am working on within the systemd project on my own company's Linux distribution, the same way I test other distributions.

Yay!

https://github.com/systemd/mkosi/pull/2833

#Landlock workshop: Linux sandboxing in practice

Let's sandbox ImageMagick at #pts24 🧂
See slides, VM, code, and setup instructions: https://cfp.pass-the-salt.org/pts2024/talk/8FVYDF/