Mailing List Archive by Gossamer Threads http://www.gossamer-threads.com/lists/gentoo/hardened/ en-us (c) Gossamer Threads Inc. All rights reserved. 12 Feb 2012 09:00:53 -0800 120 75 23 http://www.gossamer-threads.com/lists/gentoo/hardened/ http://www.gossamer-threads.com/images/lists/rss_logo.jpg [. CCed gentoo-hardened@lists.gentoo.org to warn against possible breakage. Touching profiles make me nervous. TS: http://archives.gentoo.org/ge 11 Feb 2012 10:48:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/247694 Howdy folks, I recently tried to recompile some packages and I discovered that GCC 4.5.3, the current default version in the hardened profile will no 05 Feb 2012 19:28:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/247454 Not sure how much testing anyone else has done (and it warrants more testing), but I just tested this on a rather out-of-date machine running hardened 31 Jan 2012 07:12:06 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/247209 Hi guys, A small update to the SELinux policies in our favorite distribution. This one pulls in the following changes: bug #399113: Be able to di 29 Jan 2012 09:10:36 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/247053 Hello, I've just made sync, and I got following errors during calulacting updates: * /usr/portage/sec-policy/selinux-base-policy/selinux-base-policy 29 Jan 2012 05:38:12 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/247037 Dnia 27 stycznia 2012 17:06 "Tóth Attila" <atoth@atoth.sote.hu> napisał(a): > And this one is from my laptop: > vmalloc: allocation failure: 0 byte 27 Jan 2012 09:38:07 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246890 Hi everyone, I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They address CVE-2012-0056. I've tested and they do indeed resist the 27 Jan 2012 05:37:58 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246864 Hi! If you ever wonder how exactly differs predefined security levels, you'll find this information here. :) I've compared them, plus I did some benc 27 Jan 2012 05:26:26 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246863 I'm sorry for being offtopic, but this is the list I can rely on. I've just upgraded openrc from 0.9.4 to 0.9.8.2 and my server went offline. After st 25 Jan 2012 17:15:32 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246771 Please take a look at on this exploit: http://blog.zx2c4.com/749 It is interesting to think about /proc/pid/mem protection and about building su with 23 Jan 2012 15:49:19 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246715 Hi Log from the meeting /Magnus (Zorry) 23 Jan 2012 12:11:24 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246701 I have two hardened gentoo systems I'm running for many years now. I've installed the personal server in 2004. The laptop started in 2005. Now the tim 14 Jan 2012 12:22:45 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246177 Hi guys, I haven't merged hardened-development overlay with the main tree yet because I had to make sure that the changes in the policycoreutils woul 10 Jan 2012 11:53:37 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/246018 Hi everyone, A long time ago, Gentoo used to provide RSBAC sources. For those of you unfamiliar with RSBAC = rules set based access control, it prov 07 Jan 2012 13:08:56 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245898 I've just installed a new glibc, since the latest dev-lang/R now doesn't have any requirements about it. On two systems I got the following messages 04 Jan 2012 14:12:23 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245623 Hi: I try to make my system selinux enabled and followed the steps from http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&ch 04 Jan 2012 08:09:11 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245572 On 3 Jan 2012 at 18:34, Andrea Zuccherelli wrote: > hfsnotify.c:208:2: error: assignment of read-only member 'br_hfsn_ops' > > I found this to be ca 03 Jan 2012 10:02:59 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245503 Hi, I know some people were interested in this, so here it is. I've built two stage4 tarballs (stage3 + other stuff for a full development env). The 03 Jan 2012 07:53:19 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245452 Hi guys, Assuming you don't kill me for not using hexadecimal notations, rev 10 is now out right after rev 9. Revision 10 of selinux-base-policy come 30 Dec 2011 12:02:45 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245102 Positive feedback: New tp_smapi ebuild (0.41) based on the forked Debian source compiles fine with hardened-sources-3.1.5 and hardened-sources-3.1.6, 29 Dec 2011 15:09:18 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/245060 Hi guys, In the hardened-dev overlay you can now find the SELinux policy revision 9 (and its affiliated modules). The included changes are: - <bug # 27 Dec 2011 10:05:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244974 Hi everyone, For a while now, we've been supporting three predefined grsec profiles in the hardened-sources kernel. Upstream provides four. These a 26 Dec 2011 10:57:07 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244942 Hi Here is the meeting log. /Magnus (Zorry) 18 Dec 2011 14:48:10 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244612 So I am building in a chroot an x86 system: CFLAGS="-march=k6-2 -Os -pipe -fomit-frame-pointer" CXXFLAGS="${CFLAGS}" LDFLAGS="-Wl,-z,relro" CHOST="i 12 Dec 2011 16:08:51 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244289 huh? ________________________________ From: "simon.cruddas@othermedia.com" <simon@othermedia.com> To: gentoo-hardened@lists.gentoo.org Sent: Monda 12 Dec 2011 12:26:43 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244272 -- simon cruddas | systems architect +44 (0)20 7089 5971 | pgp : 0xC0D7FAD3 12 Dec 2011 12:20:02 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244271 Does anyone know of any prebuilt desktop distros based on hardened gentoo. I've just found anikos.org but it still looks like early days? -- Kc 12 Dec 2011 11:34:39 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244261 Hi guys, I just pushed rev 8 of selinux-base-policy (and the various policy modules that have changes in them since rev 7). The included changes are: 11 Dec 2011 05:48:38 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244190 Hello all, I'm considering rolling out a new server with gentoo, but wanted to base it on the hardened profile, but the gentoo docs I've read so far 10 Dec 2011 12:17:47 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244160 Has anyone tried Opera 11.60 with a grsecurity patched kernel. 11.52 worked fine but 11.60 is segfaulting with "denied ptrace of /usr/lib/opera/opera 09 Dec 2011 05:17:16 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/244098 The SELinux base policy revision 7 has been pushed to the hardened-dev overlay. Base policy r5 has been stabilized in the tree. Changes in rev 7 are: 27 Nov 2011 10:59:35 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/243271 One of the more important things that is currently broken on my system when I switch on enforcing mode for SELinux is the su command. Mostly likely I 25 Nov 2011 19:32:52 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/243118 I know that it's not hardened related, but I'm curious if you experienced this problems as well. While I try to compile recent libreoffice I got an e 25 Nov 2011 13:29:09 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/243088 Hi folks, An early attempt to describe how to best report SELinux bugs. It currently only focuses on policy bugs, since those are the ones we target 22 Nov 2011 12:14:05 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242926 Hi Here is the meeting log form the meeting 2011-11-17 20:00UTC /Magnus 20 Nov 2011 14:07:28 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242859 Hey, Date of document was not changed in last commit of /proj/hardened/en/index.xml. I think this date should be changed, so: s|<date>2011-08-12</da 18 Nov 2011 06:31:40 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242771 I did a sync and a world update earlier today and among the updates was the 3.0.9 hardened sources. I built the new kernel with the same settings as 17 Nov 2011 18:18:19 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242744 Hi all, I have pushed out an update on the SELinux policies in hardened-dev. The changes include: - #389579 (Mismatch on amavisd.conf context) - #38 12 Nov 2011 13:25:32 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242368 Hello, May I ask if nvidia is still hardend unfriendly? I need CUDA available. Alternativly may I get what is wrong with this driver, I may check ne 12 Nov 2011 11:11:03 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242364 Hello, I don't tracked mails so sorry if I resended same information. I thnik there is collision between selinux-gnupg selinux-gpg packages, collis 11 Nov 2011 03:17:29 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242213 I've started poking around in the refpolicy source to help me learn about the correct policy module style by looking at other examples. I've noticed 07 Nov 2011 17:52:40 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/242044 Hi everyone, I'd like to announce that a new release of Tin Hat is out. Tin Hat is a fully featured Linux desktop based on Hardened Gentoo which runs 07 Nov 2011 03:10:46 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241990 I've been using OpenBSD for a while now which has priv dropping X and the machdep.allowaperture=[0|1|2]. Theo has said firefox also annoyingly uses it 06 Nov 2011 15:19:18 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241945 Looks like I'm the second newbie in a week to introduce himself to the list. I've been a unix/Linux systems administrator for over a decade, and have 03 Nov 2011 18:44:09 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241800 This fixed quite some messages. module astnb 1.0; require { type var_run_t; type var_log_t; type asterisk_t; type va 02 Nov 2011 18:24:44 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241759 Here definitely is a bug in the file contexts. The eaccelerator stuff in the default implementation is referencing /var/cache/php-eaccelerator... /v 02 Nov 2011 17:46:30 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241757 Here I am not sure... exim has some problems, amavis has various problems & clamav has some problems. Exim produces: ---8<--- module exim-nb 1.0; 02 Nov 2011 17:40:51 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241756 Fail2ban seems to lack the next ---8<--- module fail2ban-nb 1.0; require { type fail2ban_t; class capability dac_override; } #===== 02 Nov 2011 17:34:05 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241755 This is also used for the nagios stuff: ---8<--- module nrpe 1.0; require { type nrpe_t; type proc_mdstat_t; type system_cro 02 Nov 2011 17:32:05 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241754 Ok, it shouldn't be used, but sometimes, it is needed. The folling seems to help fix stuff: ---8<--- module miniupnpdnb 1.0; require { type 02 Nov 2011 17:30:34 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241753 Nagios is not exactly installed, just nrpe is. Several audit messages indicate that the checkdisk_plugin has problems, from these reports the followin 02 Nov 2011 17:28:23 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241752 Well.. at least is nice to introduce one-self. Hi, I am a self-employed OpenVMS Cluster/systems manager by profession and run some linux on the side. 02 Nov 2011 17:22:40 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241751 Hi everyone, There are some older stable hardened sources that I'd like to deprecate. They have some known issues which have been fixed in later sta 30 Oct 2011 13:13:55 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241633 Hi everyone, As you may know, I've been working on a set of utilities to use with a PaX enabled kernel. These are installed with sys-app/elfix which 23 Oct 2011 09:50:45 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/241286 Hi All, I am following the selinux-guide Sven updated recently on a VM with a clean install. I started with the hardened stage 3 as recommended and a 19 Oct 2011 05:32:14 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/240983 Hi lads, I had some issues with my previous attempt on the SELinux handbook (a few chapters were too detailed, others lacked the detail needed) so I 15 Oct 2011 11:41:16 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/240773 Hi Log from the meeting 2011-10-05 20:00UTC /Magnus 09 Oct 2011 06:42:15 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/240239 I've suspected, that it won't be a torch-light procession. But reality exceeded my expectations. Around 60 packages failed out of approx 100! I've fol 22 Sep 2011 12:23:30 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/239245 Hi everyone, I'm working towards forcing a consistency in how we pax mark our binaries. The RFC for the design is at http://git.overlays.gentoo.org 20 Sep 2011 05:14:49 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/239088 Some weeks before logrotate started to complain on elog permissions. I've added the necessary su lines to the configuration. That was also officially 18 Sep 2011 05:52:45 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/238853 Hi everyone, It looks like upstream RSBAC is active again. Gentoo used to have rsbac-sources, so it would be nice to get them back. I'm not sure ri 04 Sep 2011 16:07:24 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/237565 In May I started seeing grsec messages about bonding. It was compiled into the kernel for ages, serving the primary multi-port NIC connected to a Cisc 03 Sep 2011 08:36:23 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/237519 Sorry /Magnus 31 Aug 2011 16:02:37 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/237374 Hi The log from the meeting 2011-08-24 20:00UTC I was reselected as lead for the hardened project. Tankyou all for the support. /Magnus 31 Aug 2011 16:01:12 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/237373 Hi guys, In the "Gentoo Hardened SELinux Development Policy" [1] we have a section requiring development to use the 'gentoo_' prefix. The reason for 23 Aug 2011 11:10:03 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236973 Hi everyone, Back in May, I added new feature/selinux profiles which we would like to stabilize soon. These were structured to parallel the selinux/ 21 Aug 2011 04:10:36 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236825 Hi guys, I have just pushed selinux-base-policy--2.20110726-r2 to the hardened-dev overlay. There are not that many changes in it (although "not many 19 Aug 2011 13:51:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236747 I tried to install selinux-consolekit-2.20101213.ebuild and I got error libsepol.print_missing_requirements: consolekit's global requirements were no 14 Aug 2011 18:20:05 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236331 Hi guys, Many hardened profiles still pmask the following GCCs: =sys-devel/gcc-4.3.2* =sys-devel/gcc-4.4.1* =sys-devel/gcc-4.4.3-r2 =sys-devel/gcc-4 14 Aug 2011 01:17:16 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236315 Hello, Problem mainly is about starnge ID system_u:system_r:initrc_t I have inside KDE's konsole (all applications started / KDE service has it too) 10 Aug 2011 11:57:46 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236099 Hiya, Would it be possible to update the following files from the hardened-docs.git repository to the main (gentoo) one? selinux/hb-intro-concepts.x 10 Aug 2011 11:15:41 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/236098 I'm trying to chase down an AVC message coming from procmail. I'm having a problem figuring out how to research, troubleshoot, or fix bad FIFO pipe 06 Aug 2011 09:50:46 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235943 I only get a 404 error On Fri, Aug 5, 2011 at 1:53 PM, Jared Thomas <thomas_chaos@yahoo.com> wrote: > http://alumnispecs.com/shop/admin/images/graph 05 Aug 2011 05:00:13 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235899 Hi * To allow for more manageable patching on our selinux policies (since Matthew will bombard me anyhow with things to fix ;-) and not to clutter th 02 Aug 2011 00:19:25 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235768 I just installed the latest SELinux stuff from the hardened-development overlay onto my laptop, currently using the targeted profile (though I've als 30 Jul 2011 18:05:41 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235600 Hi all, Just to let you know r21 is now available in hardened-dev.git. No major changes here. Most of them are for Portage support to allow emerge, e 24 Jul 2011 04:10:22 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235235 Hi Nick, Thanks for the report, but would you be so kind as to open up bug reports for each of the issues at https://bugs.gentoo.org/ --Tony On 07/ 24 Jul 2011 02:25:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235234 Hi all, I've pushed selinux-base-policy-2.20101213-r20 to the hardened-dev overlay. This update contains the following changes since r19: - Introduc 21 Jul 2011 12:42:47 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/235024 Hi guys, The SELinux bugs are "piling" up but most of them are resolved and I'd like to use the STATUS field to keep track of which bugs are actually 21 Jul 2011 03:06:29 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234969 Hi, I seem to have messed up my mail accounts and this list seems only to accept submissions from members, so here what I wrote to Anthony before. T 15 Jul 2011 04:02:24 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234634 Hi Here is the log from the meeting we did have on 2011-07-13 20:00UTC /Magnus (Zorry) 14 Jul 2011 14:44:48 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234609 Hi, I successfully switched to hardened profile during the last week and it was quite painless. I think I can hand out some praise for the great work 14 Jul 2011 02:54:21 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234574 http://www.persephoneshaven.com/wp-content/themes/test.html 13 Jul 2011 00:51:26 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234537 First, puppet and puppetmaster are both in /usr/bin not /usr/sbin anymore And here is what I needed to add to the policy. module puppetlocal 1.0; r 10 Jul 2011 14:49:15 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234423 Hi lads, I've pushed a few changes to the hardened-dev.git overlay, ready for your mass inspection and testing. The changes include: - sec-policy/se 07 Jul 2011 11:51:11 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/234229 Hi, does anybody know why the checksum of stage3-amd64-hardened-20110625.tar.bz2 (26-Jun-2011) doesn't match? -- Regards Dave -- http://www.fast 29 Jun 2011 18:45:19 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/233745 Hello everybody, I use hardened gentoo, now with disabled grsecurity, and I can't emerge openssh because it is unable to find libpam even though it r 28 Jun 2011 06:47:55 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/233645 Hi all, I've Gentoo with KDE4.5.3 and SELinux enforcing targeted enabled plus grsecurity working fine. But KDE4.6.3 on a new system has difficulties 23 Jun 2011 07:18:45 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/233161 Hi folks, As per bug #368795 [1] we have an open request to include a SELinux policy module for the nginx webserver. However, while working on this, 15 Jun 2011 10:45:26 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/232624 Hi all, I've got a machine, which hasn't been upgraded for some 2 years or less. It has GCC-4.3.4 and now I tried to upgrade to 4.5.2, but something 15 Jun 2011 03:55:09 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/232592 Hi everyone, I'd like to announce that a new release of Tin Hat is out. Tin Hat is a fully featured Linux desktop based on Hardened Gentoo which runs 13 Jun 2011 15:45:34 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/232520 It looks like these stopped being published: http://distfiles.gentoo.org/releases/amd64/current-stage3/ Any reason? They can still be found here, 03 Jun 2011 09:08:41 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/231773 Hi all, One of the "difficulties" of working with SELinux is that the policy that is pushed by default is tailored towards a default installation usi 02 Jun 2011 09:52:11 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/231692 http://jamescotier.com/images/site.html 25 May 2011 15:48:52 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/231211 Hi all, I have taken the liberty to update the SELinux subproject page a bit (see [1], nothing major there). During the page review I thought about a 24 May 2011 13:55:19 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/231144 After a week I think I've sorted out nearly all issues about openrc on my systems. Bonding was compiled into the kernel. Upon I tried to echo mode 4 ( 20 May 2011 04:11:15 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/231011 Hi everyone, Tomorrow I'll be adding a new selinux "feature" profile to the tree. The idea behind this is like other features, it can be stacked on t 16 May 2011 19:00:18 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/230761 Just switched to openrc + baselayout2. Using grsecurity RBAC. During the shutdown process I see endless countdowns for each service waiting for other 15 May 2011 17:49:26 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/230633 Hi all, I've put selinux-base-policy-2.20101213-r14 in the hardened-dev.git overlay. Its main addition is support for openrc (which is now stable and 13 May 2011 13:06:39 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/230485 I gave a try to hardened-sources-2.6.38-r1 and -r2 on my laptop. Both version get stuck at the very beginning of the boot process: " Decompressing Lin 06 May 2011 02:11:37 -0800 http://www.gossamer-threads.com/lists/gentoo/hardened/230001