M
UDS Maverick planning
Plans
Create Blueprints
- sVirt
- properly support save/restore (LP: #457716)
AppArmor upstream
- make user-space aware of tunables and aliases
- [jjohansen] change_profile pam_apparmor
- [jdstrand] clean up wiki documentation
- [sbeattie] find a release manager
- [sbeattie] clarify policies
- [jjohansen] create devel mailing list
Refresh Apport hook review/creation for security-oriented packages
- push apparmor rejection collection into apport's hook-utils
- modify apport hooks to automatically add apparmor tag if a denial is found
- hook up apparmor to apport when alert messages appear
- fscaps support in dpkg
Renew Two factor authentication
- write wiki page detailing types of 2 factor auth
- create howto for remote access one-time password auth, opie s/key
- create howto for USB key storage of ecryptfs key
- create howto for smartcard storage of gpg and ssh keys
- create howto for fingerprint reader authentication
- investigate two factor auth to Active Directory
- add appropriate howtos to official documentation
- Create private directory by default even with no encryption
- GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs?
- Session to brainstorm on how to handle CVE-2009-3555 with stable releases
- GPG key migration and application compatibility testing
- migrate security team's keys
- document how to do migration
- document what software can't perform verifications any more
- check on gnupg vs gnupg2 upgrade path
- How to get security updates applied more easily?
- is update-manager popup enough?
- is update-manager asynchronous popup a security issue with spoofing?
- should security updates be turned on automatically by default?
- should update-manager gain a "Always install security updates automatically in the future?" checkbox?
- remove password requirement for security updates? (an option in the update-manager settings panel?)
- Should gtksudo and password dialogs show personal information to control spoofing? ie: a customized picture
- popcon accuracy/update investigation (requires mvo)
- VMBuilder improvements (requires soren)
- sane partition sizings (parted "bug")
- grub2 by default
- add serial/console support to vm-new/vmbuilder
- discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage)
discuss publishing security metrics (see RH's metrics for examples)
tedg crackfest
- app indicator area for security stuff-- apparmor-notify, ufw-notify, logfile-notify
- kernel hardening
- symlinks
- hardlinks
- ptrace
Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)
- HTML USNs (reprise)
ufw (see SecurityTeam/Roadmap)
- create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
update the wiki page detailing various authorization mechanisms in Ubuntu, and how to properly use them (https://wiki.ubuntu.com/Security/Privileges)
- discuss ways to rotate repsonsibilities: eg, traditionally kees as done kernel, jdstrand mozilla products and mdeslaur webkit
- Misc
- [mvo] provide an early notification of EOL in update-manager
- deroot auditd, get into main
- create automated security announcements for universe security updates
- add execshield toggles to our nx-emu patch, as RH does
re-submit gcc testsuite updates (part 1, part 2) to upstream
- attempt to upstream nx-emu patch set
- apparmor profile for chromium
- investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).
Add to Roadmap
- [kees] work around i386 mono executable stack
- create wiki page for "How can the Ubuntu Security Team help Debian better?"
- Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, Stef Walter, who may not be at UDS...)
Reference
Marc Deslauriers
- Create private directory by default even with no encryption
- GUI for ubuntu-support-status so desktop users can figure out if they're running software that may have security risks. Could we link this to our CVE tracker stats to give a risk assessment on universe software that has open CVEs?
- Building a better gnome-keyring (would need participation from upstream gnome-keyring developer, who may not be at UDS...)
- Session to brainstorm on how to handle CVE-2009-3555 with stable releases
- GPG key migration and application compatibility testing
- How to get security updates applied more easily?
- is update-manager popup enough?
- is update-manager asynchronous popup a security issue with spoofing?
- should security updates be turned on automatically by default?
- should update-manager gain a "Always install security updates automatically in the future?" checkbox?
- remove password requirement for security updates? (an option in the update-manager settings panel?)
- Should gtksudo and password dialogs show personal information to control spoofing? ie: a customized picture
Kees Cook
- break out dpkg-fscaps tasks from deferred items into a separate blueprint
- add execshield toggles to our nx-emu patch, as RH does
- popcon accuracy/update investigation
- add serial/console support to vm-new/vmbuilder
- discuss containers, lxc, etc, in the context of sbuild/schroot (CLONE_NEW* usage)
discuss publishing security metrics (see RH's metrics for examples)
re-submit gcc testsuite updates (part 1, part 2) to upstream
- attempt to upstream nx-emu patch set
tedg crackfest
- kernel hardening
- symlinks
- hardlinks
- ptrace
Jamie Strandboge
In no particular order:
- apparmor profile for chromium
Community USNs (see https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001055.html)
- HTML USNs (reprise)
- investigate HIPL (Host Identity Protocol for Linux) for permanent, location-independent names for hosts. Could help with firewalling (needs ufw support).
ufw (see SecurityTeam/Roadmap)
- investigate opie s/key, document it for Ubuntu
- create a Security/Authentication page detailing various authentication mechanisms in Ubuntu, and how to properly use them
- app indicator area for security stuff-- apparmor-notify, ufw-notify, logfile-notify
- discuss ways to rotate repsonsibilities: eg, traditionally kees as done kernel, jdstrand mozilla products and mdeslaur webkit
Items Deferred from Lucid
sVirt apparmor security driver
- properly support save/restore (LP: #457716)
Debugging screen locking problems
- backport apport hooks to older releases in screen-locking PPA
- review old bugs for the common Karmic failure (suspend-before-locked)
Improve AppArmor usability in Ubuntu
- make user-space aware of tunables
- hook up apparmor to apport when alert messages appear
- modify user tools to get logs directly from the kernel
- update tools for directory load of tunables
- update tools for alias support (/usr)
Security Team catch-all work for Lucid (high)
- create proof-of-concept fscaps handling in dpkg
- present fscaps ideas to Debian
- write wiki page detailing types of 2 factor auth
- create howto for remote access one-time password auth
- create howto for USB key storage of ecryptfs key
- create howto for smartcard storage of gpg and ssh keys
- create howto for fingerprint reader authentication
- investigate two factor auth to Active Directory
- add appropriate howtos to official documentation
Apport hook review/creation for security-oriented packages
- push apparmor rejection collection into apport's hook-utils
- modify apport hooks to automatically add apparmor tag if a denial is found
Security Team catch-all work for Lucid (medium)
- reply to Debian criticism of fscaps handling
- refactor dpkg fscap handling
- resubmit dpkg fscaps handling to Debian
- [mvo] provide an early notification of EOL in update-manager
- deroot auditd
- [jjohansen] change_profile pam_apparmor
- [jdstrand] clean up wiki documentation
- [sbeattie] find a release manager
- [sbeattie] clarify policies
- [jjohansen] create devel mailing list
Security Team catch-all work for Lucid (low)
- [kees] work around i386 mono executable stack
- create automated security announcements for universe security updates
How can the Ubuntu Security Team help Debian better?
- create wiki page
- shop it to Debian
- update wiki with Debian feedback