Improve security with polyinstantiation
There is a really good article about using directory polyinstantiation in PAM:
http://www.ibm.com/developerworks/linux/library/l-polyinstantiation/?ca=dgr-lnxw02LinuxPAMSecurity&S_TACT=105AGX59&S_CMP
I hope to see this used by default in an upcoming Fedora release. All the bits are there, someone just needs to put them together. The basics are that each user gets their own personal /tmp for example. This then (mostly) eliminates things like insecure temp file usage flaws.
Evolution or Intelligent Design?
A quite serious Evolution critical issue was released last week:
http://secunia.com/advisories/29057/
This issue would allow an attacker to inject arbitrary code into your evolution process if you view the malformed message. There's not really a good way to protect against this, as the very nature of email is to view the messages you receive. Many people got very little sleep in order to release a timely update for this one.
A big thanks should go out to Secunia for giving everyone a heads up about this. If you're running Evolution and you've not updated yet, you should do so.
