libpathrs (a project by cyphar): The plan is to implement a safe path resolution library for Linux to avoid the plentiful numbers of security vulnerabilities that have been seen in the wild related to path resolution race conditions and various other attacks. I've been working on kernel-space solutions but even if they were merged, it is difficult to use them safely directly. So this library intends to provide simple wrappers that everyone can use. https://github.com/openSUSE/libpathrs
Kanidm: A safe and modern IDM system (an invention by firstyear): This hackweek I'll be working on Kanidm, an IDM system written in Rust for modern systems authentication. The GitHub repo has a detailed "getting started" in the README. Kanidm GitHub
Dawnscanner: revive the project and create an RPM package (a project by pperego): Project Description: Dawnscanner was a Ruby code security static analyzer I created in 2013 and led until a couple of years ago. Unfortunately, in my last two jobs, my focus was less on Ruby code, so the project lost some traction.
FIDO2 emulation (a project by mkoutny): Project Description: FIDO2 is a set of specifications for multi-factor authentication. It is based on asymmetric cryptography with secrets stored in a HW token. The token must support the protocol to be usable.
Learn more about Application Security (AppSec) Open Source Tools and Testing Techniques (an idea by heidi.bronson): Project Description: Application security (AppSec) is a threat that all organizations are facing. While we have QA engineers and security teams to help avoid these threats, true AppSec can only be obtained by giving developers the tools to find and fix vulnerabilities before their code is pushed into the deployment pipeline. As a software engineer, I want to make sure that my applications are secure. During this hackweek, I want to study the OWASP Top 10 vulnerabilities, related testing techniques, and open source tools that can be used to test our applications and keep them safe from malicious actors.
Project Verifree: internal key server(s) (a project by mcaj): Project description: The project Verifree is about a GPG key server. The goal is to build a key server, where users are able to
Poking technologies for enrolling customer key to kernel trusted keyring (a project by joeyli): Project Description: The keys in db or mok can be used to verify the boot loader and kernel binary for booting. But the upstream kernel doesn't trust them for enrolling to the trusted keyring because they are enrolled outside the boundaries of the kernel. This means that IMA cannot use db/mok keys for verification.
Model checking the BPF verifier (an invention by shunghsiyu): Project Description: The BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier have led to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490).