-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At the request of creffett, I created a Proof of Concept for
glksa-check, which allows for glksa XML files to define Kernel
security vulnerabilities. Please realize that this is a Proof of
Concept, and that the interface is not the most user-friendly. The
code can definitely be improved as well. To test the program, untar
the files and copy the glksa dir to /usr/portage/metadata/. At the
moment, the script requires you to have /proc/config.gz enabled in
your kernel to read your running config options.
I have two XML files currently defined (still using the glsa.dtd
schema); one that is an actual vulnerability and one that is simply a
control that triggers on X86. To test the program, run it with the -l
option.
You can download the files at http://sdamashek.me/files/glksa.tar.gz
(not sure if the mailing lists let you attach tarballs). There is
definitely a lot to be improved about the application; this is just an
idea for how to handle notifying users about Kernel vulnerabilities
that affect their system. They would be released just like glsas. What
are the list's opinions on this?
- --
Samuel Damashek
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJS2gI3AAoJEGw+uP08RytWFqcH/0TyfO/6CwK281F4I7xzSEmG
WAjbo1OybDAKmV36U3Z+3BwWOtdMLGmJ64OJ5NBvKmITXd6A5CDpB2XYafpnEWyU
Y/PgyUdtLD2Ir4LQeGp8d6s8rVRCr0Ewu3KwRbvRiEAvNzn8+UXyF1AnnKZ+5vxo
iSOonv7WJHrj0RYq3mpDJn9/OBM+ZwdN0WgpWKZxTy4gCi0lTUXx4QxCYs4ub/I1
6+A+KiZgIxakfjZEmUa7drRojtEY9cMKGEf7EhRDzO8DGuAMerFmGc7Hspsd8z8p
bD42ATg8J7M6WaCbe8Sc2YL7oIWh+X1OO6wYc0XK6/5uq/Bpi3k2LuhV0+antfQ=
=QgqI
-----END PGP SIGNATURE-----
Hash: SHA1
At the request of creffett, I created a Proof of Concept for
glksa-check, which allows for glksa XML files to define Kernel
security vulnerabilities. Please realize that this is a Proof of
Concept, and that the interface is not the most user-friendly. The
code can definitely be improved as well. To test the program, untar
the files and copy the glksa dir to /usr/portage/metadata/. At the
moment, the script requires you to have /proc/config.gz enabled in
your kernel to read your running config options.
I have two XML files currently defined (still using the glsa.dtd
schema); one that is an actual vulnerability and one that is simply a
control that triggers on X86. To test the program, run it with the -l
option.
You can download the files at http://sdamashek.me/files/glksa.tar.gz
(not sure if the mailing lists let you attach tarballs). There is
definitely a lot to be improved about the application; this is just an
idea for how to handle notifying users about Kernel vulnerabilities
that affect their system. They would be released just like glsas. What
are the list's opinions on this?
- --
Samuel Damashek
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJS2gI3AAoJEGw+uP08RytWFqcH/0TyfO/6CwK281F4I7xzSEmG
WAjbo1OybDAKmV36U3Z+3BwWOtdMLGmJ64OJ5NBvKmITXd6A5CDpB2XYafpnEWyU
Y/PgyUdtLD2Ir4LQeGp8d6s8rVRCr0Ewu3KwRbvRiEAvNzn8+UXyF1AnnKZ+5vxo
iSOonv7WJHrj0RYq3mpDJn9/OBM+ZwdN0WgpWKZxTy4gCi0lTUXx4QxCYs4ub/I1
6+A+KiZgIxakfjZEmUa7drRojtEY9cMKGEf7EhRDzO8DGuAMerFmGc7Hspsd8z8p
bD42ATg8J7M6WaCbe8Sc2YL7oIWh+X1OO6wYc0XK6/5uq/Bpi3k2LuhV0+antfQ=
=QgqI
-----END PGP SIGNATURE-----