Revision 10 as of 2009-11-09 18:31:52
Dumping ground for UDS ideas
KeesCook
- apport hooks (vs https://bugs.edge.launchpad.net/~ubuntu-security/+packagebugs)
- review sponsorship process and compare to security-sponsorship
- http://fedoraproject.org/wiki/Features/LowerProcessCapabilities
- figure out better "screen lock does not work" bug triage process
- filesystem capabilities
- forwarding patches to debian BTS for security updates
- protecting select() users when RLIMIT_NOFILE > 1024 http://sourceware.org/bugzilla/show_bug.cgi?id=10352
- using lxc
- process limit unlimited (LP: #391761)
- readdir_r stack smashing (LP: #392501)
- patch ssh to gain boolean to disable banner
- patch ssh to gain -Wl,-z,now
- patch samba to gain -Wl,-z,now
- upstream NX-emu patch http://www.codemonkey.org.uk/junk/linus-es.txt
- mmap_min back into procps for reset-when-wine-goes-away?
- mmap_min sysctl drop from dosemu, wine http://wiki.debian.org/mmap_min_addr
- procps warns about syncookies
- verify RO+NX kernel patch in 2.6.32+
- review https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
- deroot auditd
- grub2 + TPM
- http://people.canonical.com/~kees/nx-missing into pkg on server & desktop that has translations, preferably tied to x86/x86_64 arch.
- should /proc/kallsyms and /boot/System.map be root-only?
JamieStrandboge
- apparmor abstractions cleanup
- apparmor usability
- sort out apparmor upstream vs apparmor in ubuntu (is this still needed?)
- ufw
- usability improvements:
- delete by number
- reset
- limit command options
- show listening
- rsyslog
- more reporting
- more work on ufw/upstart/boot integration
- what does server team need/want (eg, ebtables?)
- requested features (eg ufw-simple-gui, nat/rdr, etc)
- libvirt/apparmor polishing and maintenance
- bug fixing
- add backing store support
- make sure it works with newer releases
- support features newly supported by the selinux driver
- continue to develop test cases (eg pool-* and vol-* commands)
- we should generalize and improve the apparmor apport hook
- update firefox profile to work better in KDE (and XFCE)
MarcDeslauriers
- Smartcard/USB token authentication
- Certificate on USB disk authentication