ProactiveSecurityRoadmap

Differences between revisions 1 and 2
Revision 1 as of 2005-04-04 18:04:03
Size: 465
Editor: ca-studio-bsr1o-251
Comment:
Revision 2 as of 2005-04-10 23:37:43
Size: 529
Editor: ca-studio-bsr1o-251
Comment: merge zwiki stuff
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
 * Run dhcpd3 as non-root?
 * Compile-time stack protection?
Line 15: Line 17:
 * Compile-time stack protection  * Non-executable stack for i386?

People

Goal

Proactively improve security for Breezy

Requirements

  • Run cron as non-root?
  • Run dhclient3 as non-root?
  • Run dhcpd3 as non-root?
  • Compile-time stack protection?
  • Eliminate inetd from base
  • Non-executable stack for i386?

Agenda

Pre-Work

  • Research privilege requirements of cron, dhclient3
  • Search for implicit dependencies on inetd via netbase
  • Determine requirements for compile-time stack protection in gcc (4.x?)

UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)