Id: 0x92fefdb7e44c32f9 (gpg.asc)
Fingerprint: 3BBA DF58 C30E 6E91 6417 79F4 92FE FDB7 E44C 32F9
All software is licensed under GPL 3 (or later) unless otherwise noted.
blhc (build log hardening check) is a small tool which checks build logs for missing hardening flags.
Hardening flags enable additional security features in the compiler to prevent e.g. stack overflows, format string vulnerabilities, GOT overwrites, etc.
Because most build systems are quite complicated there are many places where compiler flags from the environment might be ignored. The parser verifies that all compiler commands use the correct hardening flags and thus all hardening features are correctly used.
It’s designed to check build logs generated by Debian’s dpkg-buildpackage (or tools using dpkg-buildpackage like pbuilder or sbuild (which is used for the official buildd build logs)) to help maintainers detect missing hardening flags in their packages.
At the moment it works only on Debian and derivatives but it should be easily extendable to other systems as well. Patches are welcome, see README for details.
See blhc for more information and downloads.
coloredstderr is a small library which uses LD_PRELOAD to color stderr. It “follows” dups, has minimal performance overhead and can ignore certain binaries (requires /proc).
Like all solutions using LD_PRELOAD it only works with dynamically linked binaries. Statically linked binaries, for example valgrind, are not supported. setuid binaries are also not supported (LD_PRELOAD disabled for security reasons).
Most other existing solutions use a second process which colors its input and pipe stderr to it. However this creates different runtime behaviour resulting in a different ordering of the output. Partial lines (no newline) also often cause problems. coloredstderr handles these cases correctly.
See coloredstderr for more information and downloads.
tlsproxy is a simple TLS proxy for HTTPS which intercepts TLS connections and verifies the server certificate - if it changes it sends an error message back to the client, otherwise it forwards the traffic between server and client.
It’s designed to prevent man-in-the-middle attacks if an attacker can get a CA to sign a different server certificate for a website. As the browser has the CA’s certificate it verifies the new server certificate just fine and the user doesn’t know he’s talking to a different machine. tlsproxy prevents that.
See tlsproxy for more information and downloads.
I use mostly console programs and I have accumulated quite some configuration files which might be useful to others. They are commented and therefore quite useful to newcomers as well. The major features of the configuration files are listed in each section.
Available files: Vim, Zsh, GNU readline, Git, tig, GNU screen, Tmux, xmonad, Elinks, OpenSSH, GnuPG, lftp. Other useful programs.
List of computer related notes (mostly for UNIX and GNU/Linux) which are useful to me and might be useful to others.
If you have any suggestions/improvements/fixes/questions please tell me at email@example.com.Last updated 2016-09-11 02:31:31 CEST