It would be good for the Open Source Community in general to examine ProactiveSecurity features such as PaX, StackSmashProtection, and GrSecurity. These systems are useful in mitigating existing security holes in applications. A quick USNAnalysis shows a prediction of the impact such systems would have on Ubuntu Linux security.
In general, an intrusion is a very large annoyance, and could be potentially dangerous or disastrous. Protecting from intrusions protects the system from destruction by malicious attackers, and from leaking of confidential information to data miners. It would likely be advantageous to provide security enhancements wherever possible without degrading the user's experience.
There are a few very specific cases where the security enhancements here could be worse than the alternative. Certain systems demand that downtime be avoided if at all possible. For these, the DoS occurring when an intrusion is prevented (the application is immediately terminated) may be worse than the intrusion. Such systems are better suited to a customized environment; they are the extreme minority, and the majority benefit greatly from these enhancements.
The following guidelines should be considered when employing such enhancements:
- Must not break binary compatibility with the original system or third party software
- Enhancements which may break third party software must be easily disabled
- Must not add excess administrative tasks
- Must not obfuscate or distort the user experience
- Must not create excessive, visible performance detriment
- Should potentially enhance the user's experience by preventing future infections by worms and intrusions by malicious attackers
There are several appropriate enhancements to consider:
- Make processes run as a normal user with added privileges instead of as root (DerootificationStatus)
- IBM Stack Smash Protector (StackSmashProtection)
- /proc/(pid)/maps obscurity
- chroot restrictions
There may be more; these should be searched for. There are also other security enhancements which may not yet exist, may not yet be stable, or may not be entirely appropriate. Such may include:
- Digitally signed kernel modules
- Digitally signed executables and libraries (DigSig)
There have been efforts to implement these enhancements already, such as Adamantix. Some of these are part of a much larger, more complex distribution aiming at more security and willing to sacrifice the user experience and suitability for general use. Others, such as Hardened Gentoo, are extremely modular by nature and allow an experienced, knowledgeable user to customize the system to suit their needs. These enhancements should not be restricted when they are useful to the general audience.
There are current efforts to passively or actively merge such security enhancements with Debian, such as Debian: Secure by Default and Hardened Debian. Ubuntu and Debian could work together to this end to simultaneously bring both distributions to a greater level of security.
More Pages on Security
Section "Security" on the UserDocumentation page.