ProactiveSecurityRoadmap
Differences between revisions 2 and 3
529
Comment: merge zwiki stuff
|
642
added unix_chkpwd derooting target
|
Deletions are marked like this. | Additions are marked like this. |
Line 15: | Line 15: |
* Change {{{unix_chkpwd}}} from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583]) | |
Line 23: | Line 24: |
* Research privilege requirements of cron, dhclient3 | * Research privilege requirements of cron, dhclient3, dhcpd3 |
People
Goal
Proactively improve security for Breezy
Requirements
- Run cron as non-root?
- Run dhclient3 as non-root?
- Run dhcpd3 as non-root?
Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])
- Compile-time stack protection?
- Eliminate inetd from base
- Non-executable stack for i386?
Agenda
Pre-Work
- Research privilege requirements of cron, dhclient3, dhcpd3
- Search for implicit dependencies on inetd via netbase
- Determine requirements for compile-time stack protection in gcc (4.x?)
UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)