Linux, in the tradition of UNIX-like operating systems, implements file system permissions using a rather coarse scheme. While this is sufficient for a surprisingly large set of applications, it is too inflexible for many other scenarios. For that reason, all the major commercial UNIX operating systems have extended this simple scheme in one way or another. This is an effort to implement POSIX-like Access Control Lists for Linux. Access Control Lists are built on top of Extended Attributes, which can also be used to associate other pieces of information with files, such as Filesystem Capabilities, or user data like MIME type and search keywords.
HAVEGE (HArdware Volatile Entropy Gathering and Expansion) is a user-level software generator of unpredictable random numbers for general-purpose computers that exploits modifications of the internal volatile hardware states as a source of uncertainty. It combines on-the-fly hardware volatile entropy gathering with pseudo-random number generation. The internal state includes thousands of internal volatile hardware states and is practically unmonitorable. It can support several hundred megabits per second on current workstations and PCs.
MinorFS combines a small set of cooperating userspace filesystems for Linux that provide private storage to pseudo-persistent processes. This allows programs that are run by a user to keep some data safe from all potential malware that runs with all of this user's privileges. It further implements simple password capabilities as a way to explicitly share access with other processes or users.
OpenSC provides a set of libraries and utilities to work with smart cards. It focuses mainly on cards that support cryptographic operations, and it facilitates their use in security applications such as authentication, mail encryption, and digital signatures. OpenSC implements the PKCS#11 API so that applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card, OpenSC implements the PKCS#15 standard, and aims to be compatible with every software/card that does so.
OpenXAdES enables people to work with legally-binding digital signatures (primarily giving and verifying them). Legislation often defines a set of requirements that legal digital signature technologies and infrastructures must be compliant with, and OpenXAdES aims at meeting many, if not all, such requirements from different legislations.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
PAM_pkcs#11 is a Linux-PAM login module that allows X.509 certificate-based user login. The certificate and its dedicated private key are accessed by means of an appropriate PKCS #11 module. For the verification of the users' certificates, locally stored CA certificates as well as either online or locally accessible CRLs are used. A very flexible, stackable, and configurable Certificate-To-Login mapping scheme is provided to deduce/verify the username to log in.