Kernel

  • Launchpad entry: none yet

  • Created: 2006-08-02 by JohnMoser

  • Contributors: JohnMoser

  • Packages affected:

Summary

This spec defines the hardened kernel aspect of the Ubuntu Hardened Team described in HardenedUbuntu: the Ubuntu Hardened Kernel Team.

Rationale

Systems with particular security requirements may need a kernel hardened beyond what the stock Ubuntu kernel provides. A separate Hardened kernel should be supplied that carries these additional security features.

Use cases

  • Sun Microsystems decides to offer more secure Ubuntu-based Athlon 64 servers. It has a choice between standard SELinux-enabled kernels with stack and mmap() randomization, and grsecurity-enabled kernels with stack, heap, mmap(), and main executable randomization that can take either SELinux or grsecurity policy and use the grsecurity policy learning code.

Scope

The Ubuntu Hardened Kernel Team will be responsible for managing and maintaining a separate hardened kernel. Its responsibilities are:

  • Determine what security features need to be added to a specially hardened kernel on top of an Ubuntu stock kernel.
    • Determine which features can safely be maintained in an Ubuntu stock kernel and supply the Ubuntu Kernel Team patches for any such features that are accepted.
  • Work with the Ubuntu Kernel Team to maintain full security patches on both kernels.
    • If a security patch is not available, find or create a temporary work-around if possible.
  • Maintain communication with other hardened distributions and with upstream kernel hardening projects such as PaX and grsecurity.

Design

Implementation

Among the features that the Ubuntu Hardened Kernel should include are:

  • grsecurity; this supplies:
    • Automatic, self-learning RBAC system for mandatory access control
    • Associating terminals with the IP address of the connection that created the process (for auditing)
    • Auditing of a specific group
    • Process ID randomization
    • chroot() jail hardening
    • Address space randomization brute force deterrence (detecting and slowing down repeated crashes of a service that indicate an attacker guessing addresses)
    • PaX
      • Address space randomization for the stack, mmap(), the brk() segment, and the main executable
      • Higher-entropy randomization: 8 bits more for mmap() and 5 bits more for the stack than mainline on i386, and more still on 64-bit architectures
      • Enhanced MemoryProtections that refuse memory which is writable and executable at once (PROT_WRITE|PROT_EXEC), whether requested at mmap() time or added later with mprotect(), and otherwise keep data and code separate
  • SELinux; can be used as long as the grsecurity RBAC system is not enabled at the same time
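The W|X refusal and the per-region randomization listed above are things an administrator can verify on a running kernel rather than take on trust. The following program is an added example, not code from this spec or from the grsecurity/PaX projects; all function and type names in it (`probe_mmap_rwx`, `probe_write_then_exec`, `sample_layout`, `wx_result`, `layout`) are this example's own. It assumes a Linux system with glibc and the usual `sys/mman.h` interface. The two probes ask the kernel for a writable-and-executable page in the two ways an exploit or JIT would, and classify the answer; the layout sampler prints one address from each region PaX randomizes so that repeated runs show how many bits actually change.

```c
/* wx_probe.c: does this kernel refuse W|X memory, and how do addresses move
 * between runs?  Added example for the HardenedUbuntu/Kernel spec; the
 * function and type names are this example's own, not grsecurity/PaX API.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum wx_result { WX_ALLOWED = 0, WX_DENIED = 1, WX_ERROR = -1 };

static enum wx_result classify_failure(int err)
{
    /* PaX MPROTECT (and SELinux execmem) denials come back as EACCES or
     * EPERM.  Anything else (ENOMEM, EINVAL, ...) is a broken probe, not a
     * policy decision, and must not be reported as "denied". */
    return (err == EACCES || err == EPERM) ? WX_DENIED : WX_ERROR;
}

/* Probe 1: a page that is writable and executable from the moment it is
 * mapped, i.e. PROT_WRITE|PROT_EXEC requested directly from mmap(). */
enum wx_result probe_mmap_rwx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return classify_failure(errno);
    munmap(p, len);
    return WX_ALLOWED;
}

/* Probe 2: map a page writable, write data into it, then ask for it to
 * become executable.  This is the shellcode/JIT pattern: bytes that were
 * data a moment ago become code.  PaX MPROTECT refuses the mprotect()
 * because the mapping has been writable in its lifetime. */
enum wx_result probe_write_then_exec(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;          /* plain RW must always work; not a policy result */
    memset(p, 0xc3, len);         /* any byte pattern; it is never executed */
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC);
    enum wx_result r = (rc == 0) ? WX_ALLOWED : classify_failure(errno);
    munmap(p, len);
    return r;
}

/* One address from each region the spec lists as randomized: stack, brk()
 * heap, mmap() area and the main executable's text.  Run the binary many
 * times and compare; the bits that differ between runs are the entropy the
 * kernel really gives you (the text address only moves for a PIE binary). */
struct layout { unsigned long stack, heap, mmap_base, text; };

struct layout sample_layout(void)
{
    struct layout l;
    int marker;                                   /* lives on the stack */
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *heap = malloc(32);                      /* small chunk: normally from the brk heap */
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    l.stack = (unsigned long)&marker;
    l.heap = (unsigned long)heap;
    l.mmap_base = (m == MAP_FAILED) ? 0 : (unsigned long)m;
    l.text = (unsigned long)sample_layout;        /* address inside the main executable */
    if (m != MAP_FAILED)
        munmap(m, len);
    free(heap);
    return l;
}

static const char *describe(enum wx_result r)
{
    return r == WX_ALLOWED ? "allowed" : r == WX_DENIED ? "denied" : "probe error";
}

int main(void)
{
    struct layout l = sample_layout();
    printf("mmap(PROT_WRITE|PROT_EXEC):      %s\n", describe(probe_mmap_rwx()));
    printf("write, then mprotect(PROT_EXEC): %s\n", describe(probe_write_then_exec()));
    printf("stack %lx  heap %lx  mmap %lx  text %lx\n",
           l.stack, l.heap, l.mmap_base, l.text);
    return 0;
}
```

Build it as a PIE (`gcc -O2 -fPIE -pie -o wx_probe wx_probe.c`) so the main executable address is subject to randomization too, then run it in a loop (`for i in $(seq 10); do ./wx_probe; done`). On a stock kernel both probes print "allowed"; on a PaX MPROTECT kernel, or under an SELinux policy that denies execmem to the process, both print "denied". Comparing the four addresses across runs shows which regions move and roughly how many bits vary, which is the practical meaning of the entropy figures given above.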

Code

Someone will have to merge and maintain the involved patches on top of the stock Ubuntu kernel.

Data preservation and migration

Unresolved issues

BoF agenda and discussion


CategorySpec

HardenedUbuntu/Kernel (last edited 2008-08-06 16:29:04 by localhost)