ProactiveSecurityRoadmap
|
Size: 2215
Comment: pri
|
Size: 2922
Comment: convert to SpecTemplate
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = Priority = | ##(see the SpecSpec for an explanation) |
| Line 3: | Line 3: |
| NeedPriorityAssigned | = Proactive Security Roadmap = |
| Line 5: | Line 5: |
| = People = | == Status == |
| Line 7: | Line 7: |
| * MartinPitt * MatthiasKlose * BrandonHale * AndrewMitchell |
* Created: [[Date(2005-04-24T00:17:26Z)]] by MattZimmerman[[BR]] * Priority: NeedsPriority[[BR]] * People: NeedsLead, NeedsSecond[[BR]] * Contributors: MattZimmerman[[BR]] * Interested: MartinPitt, MatthiasKlose, BrandonHale, AndrewMitchell[[BR]] * Status: BrainDump, BreezyGoal, UduBof, DistroSpecification[[BR]] * Branch: [[BR]] * Malone Bug: [[BR]] * Packages: [[BR]] * Depends: [[BR]] * UduSessions: 1, 4, 8, etc [[BR]] |
| Line 12: | Line 19: |
| = Goal = | == Introduction == |
| Line 14: | Line 21: |
| Proactively improve security for Breezy | Establish a strategy for implementing proactive security features in Ubuntu |
| Line 16: | Line 23: |
| = Requirements = | == Rationale == |
| Line 18: | Line 25: |
| * Run cron as non-root? * Run dhclient3 as non-root? * Run dhcpd3 as non-root? * Change {{{unix_chkpwd}}} from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583]) * Eliminate inetd from base |
== Scope and Use Cases == * Privilege reduction * Run cron as non-root? * Run dhclient3 as non-root? * Run dhcpd3 as non-root? * Change {{{unix_chkpwd}}} from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583]) |
| Line 26: | Line 35: |
| * MAC (SELinux)? | |
| Line 27: | Line 37: |
| = Agenda = | == Implementation Plan == |
| Line 29: | Line 39: |
| = Pre-Work = | === Data Preservation and Migration === === Packages Affected === === User Interface Requirements === == Outstanding Issues == === UDU BOF Agenda === === UDU Pre-Work === |
Proactive Security Roadmap
Status
Created: Date(2005-04-24T00:17:26Z) by MattZimmermanBR
Priority: NeedsPriorityBR
People: NeedsLead, NeedsSecondBR
Contributors: MattZimmermanBR
Interested: MartinPitt, MatthiasKlose, BrandonHale, AndrewMitchellBR
Status: BrainDump, BreezyGoal, UduBof, DistroSpecificationBR
Branch: BR
Malone Bug: BR
Packages: BR
Depends: BR
UduSessions: 1, 4, 8, etc BR
Introduction
Establish a strategy for implementing proactive security features in Ubuntu
Rationale
Scope and Use Cases
- Privilege reduction
- Run cron as non-root?
- Run dhclient3 as non-root?
- Run dhcpd3 as non-root?
Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])
- Compile-time stack protection?
- Non-executable stack for i386?
Some info already compiled http://ubuntu.com/wiki/UbuntuHardened
- MAC (SELinux)?
Implementation Plan
Data Preservation and Migration
Packages Affected
User Interface Requirements
Outstanding Issues
UDU BOF Agenda
UDU Pre-Work
- Research privilege requirements of cron
MartinPitt: Parsing the crontabs as normal user and introducing a minimal setuid wrapper for actually executing the commands as the target user will not help to improve security; the remaining stuff (timer and signal handling) does not accept user input and thus is not very error prone. I do not really have a good idea about this. (Note: atd also runs with root privileges, it just hides them a bit; I do not have an idea how to deroot this either, it's the same problem.)
- Research privilege requirements of dhclient3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)
- Research privilege requirements of dhcpd3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available
- Search for implicit dependencies on inetd via netbase
MartinPitt: I compiled a list of all packages in main which use inetd on page InetdUsage.
- Determine requirements for compile-time stack protection in gcc (4.x?)
MartinPitt: mudflap comes with gcc 4.0, but does not help in any way to improve proactive security; [http://www.research.ibm.com/trl/projects/security/ssp/ SSP] currently offers the [http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf most effective protection], but does not (currently) work with 4.0 and is unlikely to be accepted upstream
UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)