UDS Maverick planning

= Plans =

== Create Blueprints ==

=== Discussion Needed ===
 * [kees] AppArmor upstream
   * make user-space aware of tunables and aliases
   * [jjohansen] change_profile pam_apparmor
   * [jdstrand] clean up wiki documentation
   * [sbeattie] find a release manager
   * [sbeattie] clarify policies
   * [jjohansen] create devel mailing list
 * [kees] fscaps support in dpkg (needs packaging experts; cjwatson, slangasek)
 * [mdeslaur] Create private directory by default even with no encryption (required: pitti)
 * [mdeslaur] GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs? (required: mvo)
   * provide an early notification of EOL in update-manager
 * [mdeslaur] Session to brainstorm on how to handle CVE-2009-3555 with stable releases
 * [kees] GPG key migration and application compatibility testing (required: cjwatson)
   * migrate security team's keys
   * document how to do migration
   * document what software can't perform verifications any more
   * check on gnupg vs gnupg2 upgrade path
 * [mdeslaur] How to get security updates applied more easily? (required: mvo, mpt)
   * is update-manager popup enough?
   * is update-manager asynchronous popup a security issue with spoofing?
   * should security updates be turned on automatically by default?
   * should update-manager gain a "Always install security updates automatically in the future?" checkbox?
   * remove password requirement for security updates? (an option in the update-manager settings panel?)
 * [mdeslaur] Should gksudo and password dialogs show personal information to control spoofing? i.e., a customized picture (required: pitti, mpt)
   * screensaver, e.g., does this already
 * [kees] popcon accuracy/update investigation (requires mvo)
 * [kees] VMBuilder improvements (requires soren)
   * sane partition sizings (parted "bug")
   * grub2 by default
   * add serial/console support to vm-new/vmbuilder
 * [kees] discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage) (required: hallyn)
 * [kees] discuss publishing security metrics (see [[http://www.redhat.com/security/data/metrics/|RH's metrics]] for examples)
 * [jdstrand] tedg crackfest ;)
   * app indicator area for security stuff: apparmor-notify, ufw-notify, logfile-notify
 * [kees] kernel hardening
   * symlinks
   * hardlinks
   * ptrace
   * add execshield toggles to our nx-emu patch, as RH does
   * attempt to upstream nx-emu patch set
 * [jdstrand] Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)
   * create automated security announcements for universe security updates
 * [jdstrand] discuss ways to rotate responsibilities: e.g., traditionally kees has done kernel, jdstrand mozilla products and mdeslaur webkit
 * [jdstrand] improve apparmor packaging

=== No Discussion ===
 * [jdstrand] sVirt
   * properly support save/restore (LP: #457716)
   * maintenance/merges
 * [mdeslaur] Refresh [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-apport-hooks|Apport hook review/creation for security-oriented packages]]
   * push apparmor rejection collection into apport's hook-utils
   * modify apport hooks to automatically add apparmor tag if a denial is found
   * hook up apparmor to apport when alert messages appear
 * [mdeslaur] Renew [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-2-factor-auth|Two factor authentication]]
   * write wiki page detailing types of 2 factor auth
   * [jdstrand] create howto for remote access one-time password auth: [[http://en.wikipedia.org/wiki/HOTP|HOTP]]/[[http://yubico.com/products/yubikey/|yubikey]] (new) or opie s/key (old)
   * create howto for USB key storage of ecryptfs key
   * create howto for smartcard storage of gpg and ssh keys
   * create howto for fingerprint reader authentication
   * investigate two factor auth to Active Directory
   * add appropriate howtos to official documentation
 * [jdstrand] HTML USNs (reprise)
 * [jdstrand] ufw (see [[SecurityTeam/Roadmap]])
 * [jdstrand] create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
 * [jdstrand] update the wiki page detailing various authorization mechanisms in Ubuntu, and how to properly use them (https://wiki.ubuntu.com/Security/Privileges)
 * catch-all
   * [kees] deroot auditd, get into main
   * [kees] re-submit gcc testsuite updates ([[http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39536|part 1]], [[http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39537|part 2]]) to upstream
   * [jdstrand] apparmor profile for chromium
   * [jdstrand] investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).

=== Add to Roadmap ===
 * [kees] work around i386 mono executable stack
 * create wiki page for "How can the Ubuntu Security Team help Debian better?"
 * Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, Stef Walter, who may not be at UDS...)

= Reference =

== Marc Deslauriers ==
 * Create private directory by default even with no encryption
 * GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs?
 * Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, who may not be at UDS...)
 * Session to brainstorm on how to handle CVE-2009-3555 with stable releases
 * GPG key migration and application compatibility testing
 * How to get security updates applied more easily?
   * is update-manager popup enough?
   * is update-manager asynchronous popup a security issue with spoofing?
   * should security updates be turned on automatically by default?
   * should update-manager gain a "Always install security updates automatically in the future?" checkbox?
   * remove password requirement for security updates? (an option in the update-manager settings panel?)
 * Should gksudo and password dialogs show personal information to control spoofing? i.e., a customized picture

== Kees Cook ==
 * Review https://wiki.ubuntu.com/SecurityTeam/Roadmap
 * break out dpkg-fscaps tasks from deferred items into a separate blueprint
 * add execshield toggles to our nx-emu patch, as RH does
 * popcon accuracy/update investigation
 * add serial/console support to vm-new/vmbuilder
 * discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage)
 * discuss publishing security metrics (see [[http://www.redhat.com/security/data/metrics/|RH's metrics]] for examples)
 * re-submit gcc testsuite updates ([[http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39536|part 1]], [[http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39537|part 2]]) to upstream
 * attempt to upstream nx-emu patch set
 * tedg crackfest ;)
 * kernel hardening
   * symlinks
   * hardlinks
   * ptrace

== Jamie Strandboge ==
In no particular order:
 * apparmor profile for chromium
 * Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)
 * HTML USNs (reprise)
 * investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).
 * ufw (see [[SecurityTeam/Roadmap]])
 * investigate opie s/key, document it for Ubuntu
 * create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
 * app indicator area for security stuff: apparmor-notify, ufw-notify, logfile-notify
 * discuss ways to rotate responsibilities: e.g., traditionally kees has done kernel, jdstrand mozilla products and mdeslaur webkit

== Items Deferred from Lucid ==
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-libvirt-apparmor-devel|sVirt apparmor security driver]]
   * properly support save/restore (LP: #457716)
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-screenlocking|Debugging screen locking problems]]
   * backport apport hooks to older releases in screen-locking PPA
   * review old bugs for the common Karmic failure (suspend-before-locked)
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-apparmor-usability|Improve AppArmor usability in Ubuntu]]
   * make user-space aware of tunables
   * hook up apparmor to apport when alert messages appear
   * modify user tools to get logs directly from the kernel
   * update tools for directory load of tunables
   * update tools for alias support (/usr)
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-catchall-high|Security Team catch-all work for Lucid (high)]]
   * create proof-of-concept fscaps handling in dpkg
   * present fscaps ideas to Debian
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-2-factor-auth|Two factor authentication]]
   * write wiki page detailing types of 2 factor auth
   * create howto for remote access one-time password auth
   * create howto for USB key storage of ecryptfs key
   * create howto for smartcard storage of gpg and ssh keys
   * create howto for fingerprint reader authentication
   * investigate two factor auth to Active Directory
   * add appropriate howtos to official documentation
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-apport-hooks|Apport hook review/creation for security-oriented packages]]
   * push apparmor rejection collection into apport's hook-utils
   * modify apport hooks to automatically add apparmor tag if a denial is found
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-catchall-medium|Security Team catch-all work for Lucid (medium)]]
   * reply to Debian criticism of fscaps handling
   * refactor dpkg fscap handling
   * resubmit dpkg fscaps handling to Debian
   * [mvo] provide an early notification of EOL in update-manager
   * deroot auditd
   * [jjohansen] change_profile pam_apparmor
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-apparmor-upstream|AppArmor upstream planning]]
   * [jdstrand] clean up wiki documentation
   * [sbeattie] find a release manager
   * [sbeattie] clarify policies
   * [jjohansen] create devel mailing list
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-catchall-low|Security Team catch-all work for Lucid (low)]]
   * [kees] work around i386 mono executable stack
   * create automated security announcements for universe security updates
 * [[https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-ubuntu-and-debian|How can the Ubuntu Security Team help Debian better?]]
   * create wiki page
   * shop it to Debian
   * update wiki with Debian feedback