
HardenedBSD March 2024 Status Report

  • shawn.webb

    What a busy month it has been! And not just for HardenedBSD, but for the rest of the security and IT industries as we work through the xz backdoor (CVE-2024-3094).

    In src, the hbsdcontrol utility, and the library implementing the core logic (libhbsdcontrol) were rewritten from the ground up. While the implementation is now feature complete, there is still a bit of work to be done. Chiefly, rewriting the manual pages. After the documentation is updated, I plan to also integrate libucl support, to support JSON output and perhaps also support applying rules specified by a configuration file.

    In ports, www/firefox was fixed and the minimum llvm version number was bumped for devel/boost.

    Updates were applied across the entire infrastructure. A new build of hbsdfw (a HardenedBSD-based fork of OPNsense) was deployed. This build has some issues, so I would recommend others not to deploy it, though it works fine enough for us to keep this current build deployed.

    Here's what to look for in April:
    1. Continued work on {,lib}hbsdcontrol.
    2. I'm hoping to study more the dance between the CSU, libc, libthr, and the RTLD.
    3. More work on libhijack, perhaps a new shim library that gets injected to help aid further process injection work.
    And, lastly:
    $ fetch -q -o - https://api.github.com/repos/HardenedBSD/HardenedBSD | jq -r .created_at
    2014-04-08T10:10:24Z

    Happy birthday, HardenedBSD! May the next decade be as impactful as the previous.



