security December 2013

security@lists.fedoraproject.org

3 participants
3 discussions

Crypto guidelines for Fedora
by Till Maas 03 Apr '14

03 Apr '14

Hi, I recently noticed that several packages in Fedora create RSA keys with inappropriate key sizes: dnssec-trigger creates RSA 1536 keys with certificate that is valid for 20 years: https://bugzilla.redhat.com/show_bug.cgi?id=1045689 dropbear-keygen creates by default RSA 1024 keys: https://bugzilla.redhat.com/show_bug.cgi?id=1039311 Some other observations: ssh-keygen on F19 creates RSA 2048 keys by default ENISA recommends to at least RSA 3072 keys: http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverabl… If e.g. AES-256 is used. RSA 15360 is recommended for long-term usage. Therefore I would like to propose a packaging guideline about which minimum key size software in Fedora should generate by default. It seems to me that requiring RSA 3072 key by default in Fedora is a good initial compromise. I did not notice RSA keys with more than 4096 bits regularly, therefore I am not sure whether using RSA 15360 keys by default is a good idea. What is your opinion? Regards Till

6 12

cppcheck(1) thread on -devel list
by P J P 18 Dec '13

18 Dec '13

Hello, -> https://lists.fedoraproject.org/pipermail/devel/2013-December/193040.html I'm sure most of you would have seen it already. I just thought this is a due place to have more discussion around it. (hope it's okay) Thank you. --- Regards -Prasad http://feedmug.com

1 0

[Secure Coding] master: Fix typos spotted by Kamil Dudka (39e08eb)
by fweimer＠fedoraproject.org 02 Dec '13

02 Dec '13

Repository : http://git.fedorahosted.org/git/?p=secure-coding.git On branch : master >--------------------------------------------------------------- commit 39e08eb0e4bd694b7856be4bfe33284434c53e95 Author: Florian Weimer <fweimer(a)redhat.com> Date: Mon Dec 2 14:38:10 2013 +0100 Fix typos spotted by Kamil Dudka >--------------------------------------------------------------- defensive-coding/en-US/C-Language.xml | 2 +- defensive-coding/en-US/Tasks-Processes.xml | 4 ++-- defensive-coding/en-US/Tasks-Temporary_Files.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/defensive-coding/en-US/C-Language.xml b/defensive-coding/en-US/C-Language.xml index f50e36c..b1eeec0 100644 --- a/defensive-coding/en-US/C-Language.xml +++ b/defensive-coding/en-US/C-Language.xml @@ -123,7 +123,7 @@ xmlns:xi="http://www.w3.org/2001/XInclude" /> </example> <para> - Basic arithmetic operations a commutative, so for bounds checks, + Basic arithmetic operations are commutative, so for bounds checks, there are two different but mathematically equivalent expressions. Sometimes, one of the expressions results in better code because parts of it can be reduced to a constant. diff --git a/defensive-coding/en-US/Tasks-Processes.xml b/defensive-coding/en-US/Tasks-Processes.xml index 90f01f0..141232a 100644 --- a/defensive-coding/en-US/Tasks-Processes.xml +++ b/defensive-coding/en-US/Tasks-Processes.xml @@ -24,7 +24,7 @@ <para> The configured program name should be an absolute path. If it is a relative path, the contents of the <envar>PATH</envar> - must be obtained in s secure manner (see <xref + must be obtained in a secure manner (see <xref linkend="sect-Defensive_Coding-Tasks-secure_getenv"/>). If the <envar>PATH</envar> variable is not set or untrusted, the safe default <literal>/bin:/usr/bin</literal> must be @@ -290,7 +290,7 @@ <para> At the moment, the parent process should explicitly wait for termination of the child process using - <function>waitpid</function> or <function>waitpid</function>, + <function>waitpid</function> or <function>waitid</function>, and hope that the status is not collected by an event loop first. </para> diff --git a/defensive-coding/en-US/Tasks-Temporary_Files.xml b/defensive-coding/en-US/Tasks-Temporary_Files.xml index d78bad7..45cefdf 100644 --- a/defensive-coding/en-US/Tasks-Temporary_Files.xml +++ b/defensive-coding/en-US/Tasks-Temporary_Files.xml @@ -6,7 +6,7 @@ <para> In this chapter, we describe how to create temporary files and directories, how to remove them, and how to work with programs - which do not create files in ways that a safe with a shared + which do not create files in ways that are safe with a shared directory for temporary files. General file system manipulation is treated in a separate chapter, <xref linkend="chap-Defensive_Coding-Tasks-File_System"/>.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security December 2013