M

UDS Maverick planning

Plans

Create Blueprints

Discussion Needed

  • [kees] AppArmor upstream

    • make user-space aware of tunables and aliases
    • [jjohansen] change_profile pam_apparmor
    • [jdstrand] clean up wiki documentation
    • [sbeattie] find a release manager
    • [sbeattie] clarify policies
    • [jjohansen] create devel mailing list
  • [kees] fscaps support in dpkg (needs packaging experts; cjwatson, slangasek)
  • [mdeslaur] Create private directory by default even with no encryption (requires pitti)
  • [mdeslaur] GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs? (required: mvo)
    • provide an early notification of EOL in update-manager
  • [mdeslaur] Session to brainstorm on how to handle CVE-2009-3555 with stable releases
  • [kees] GPG key migration and application compatibility testing (required: cjwatson)
    • migrate security team's keys
    • document how to do migration
    • document what software can't perform verifications any more
    • check on gnupg vs gnupg2 upgrade path
  • [mdeslaur] How to get security updates applied more easily? (required: mvo, mpt)
    • is update-manager popup enough?
    • is update-manager asynchronous popup a security issue with spoofing?
    • should security updates be turned on automatically by default?
    • should update-manager gain a "Always install security updates automatically in the future?" checkbox?
    • remove password requirement for security updates? (an option in the update-manager settings panel?)
  • [mdeslaur] Should gksudo and password dialogs show personal information to control spoofing? ie: a customized picture (required: pitti, mpt)
    • e.g. the screensaver does this already
  • [kees] popcon accuracy/update investigation (requires mvo)
  • [kees] VMBuilder improvements (requires soren)
    • sane partition sizings (parted "bug")
    • grub2 by default
    • add serial/console support to vm-new/vmbuilder
  • [kees] discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage) (required: hallyn)
  • [kees] discuss publishing security metrics (see RH's metrics for examples)

  • [jdstrand] tedg crackfest ;)

    • app indicator area for security stuff-- apparmor-notify, ufw-notify, logfile-notify
  • [kees] kernel hardening
    • symlinks
    • hardlinks
    • ptrace
    • add execshield toggles to our nx-emu patch, as RH does
    • attempt to upstream nx-emu patch set
  • [jdstrand] Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)

    • create automated security announcements for universe security updates
  • [jdstrand] discuss ways to rotate responsibilities: eg, traditionally kees has done kernel, jdstrand mozilla products and mdeslaur webkit
  • [jdstrand] improve apparmor packaging

No Discussion

  • [jdstrand] sVirt
    • properly support save/restore (LP: #457716)
    • maintenance/merges
  • [mdeslaur] Refresh Apport hook review/creation for security-oriented packages

    • push apparmor rejection collection into apport's hook-utils
    • modify apport hooks to automatically add apparmor tag if a denial is found
    • hook up apparmor to apport when alert messages appear
  • [mdeslaur] Renew Two factor authentication

    • write wiki page detailing types of 2 factor auth
    • [jdstrand] create howto for remote access one-time password auth: HOTP/yubikey (new) or opie s/key (old)

    • create howto for USB key storage of ecryptfs key
    • create howto for smartcard storage of gpg and ssh keys
    • create howto for fingerprint reader authentication
    • investigate two factor auth to Active Directory
    • add appropriate howtos to official documentation
  • [jdstrand] HTML USNs (reprise)
  • [jdstrand] ufw (see SecurityTeam/Roadmap)

  • [jdstrand] create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
  • [jdstrand] update the wiki page detailing various authorization mechanisms in Ubuntu, and how to properly use them (https://wiki.ubuntu.com/Security/Privileges)

  • catch-all
    • [kees] deroot auditd, get into main
    • [kees] re-submit gcc testsuite updates (part 1, part 2) to upstream

    • [jdstrand] apparmor profile for chromium
    • [jdstrand] investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).

Add to Roadmap

  • [kees] work around i386 mono executable stack
  • create wiki page for "How can the Ubuntu Security Team help Debian better?"
  • Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, Stef Walter, who may not be at UDS...)

Reference

Marc Deslauriers

  • Create private directory by default even with no encryption
  • GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs?
  • Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, who may not be at UDS...)
  • Session to brainstorm on how to handle CVE-2009-3555 with stable releases
  • GPG key migration and application compatibility testing
  • How to get security updates applied more easily?
    • is update-manager popup enough?
    • is update-manager asynchronous popup a security issue with spoofing?
    • should security updates be turned on automatically by default?
    • should update-manager gain a "Always install security updates automatically in the future?" checkbox?
    • remove password requirement for security updates? (an option in the update-manager settings panel?)
  • Should gksudo and password dialogs show personal information to control spoofing? ie: a customized picture

Kees Cook

  • Review https://wiki.ubuntu.com/SecurityTeam/Roadmap

  • break out dpkg-fscaps tasks from deferred items into a separate blueprint
  • add execshield toggles to our nx-emu patch, as RH does
  • popcon accuracy/update investigation
  • add serial/console support to vm-new/vmbuilder
  • discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage)
  • discuss publishing security metrics (see RH's metrics for examples)

  • re-submit gcc testsuite updates (part 1, part 2) to upstream

  • attempt to upstream nx-emu patch set
  • tedg crackfest ;)

  • kernel hardening
    • symlinks
    • hardlinks
    • ptrace

Jamie Strandboge

In no particular order:

  • apparmor profile for chromium
  • Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)

  • HTML USNs (reprise)
  • investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).
  • ufw (see SecurityTeam/Roadmap)

  • investigate opie s/key, document it for Ubuntu
  • create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
  • app indicator area for security stuff-- apparmor-notify, ufw-notify, logfile-notify
  • discuss ways to rotate responsibilities: eg, traditionally kees has done kernel, jdstrand mozilla products and mdeslaur webkit

Items Deferred from Lucid

SecurityTeam/UDS/M (last edited 2010-05-03 19:31:37 by pool-71-114-231-221)