ProactiveSecurityRoadmap

Differences between revisions 7 and 8

People

Proactively improve security for Breezy

Run cron as non-root?
Run dhclient3 as non-root?
Run dhcpd3 as non-root?
Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])
Eliminate inetd from base
Compile-time stack protection?
Non-executable stack for i386?
- Some info already compiled http://ubuntu.com/wiki/UbuntuHardened

Research privilege requirements of cron
MartinPitt: daemon needs to run as group crontab, /var/spool/cron/crontabs needs to become owned by cron rather than root, a new setuid wrapper program is required which executes the relevant portion of do_command.c/child_process() as root
Research privilege requirements of dhclient3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)
Research privilege requirements of dhcpd3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available
Search for implicit dependencies on inetd via netbase
Determine requirements for compile-time stack protection in gcc (4.x?)

UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)

-  ⇤ ← Revision 7 as of 2005-04-12 12:18:53 → 
  Size: 1196
  Editor: client-204-194-122-1
  Comment:
+   ← Revision 8 as of 2005-04-12 14:57:12 → ⇥
  Size: 1468
  Editor: pD9EB3351
  Comment: added priv requirements of cron
-Deletions are marked like this.
+Additions are marked like this.
 Line 27:
+    MartinPitt: daemon needs to run as group {{{crontab}}}, {{{/var/spool/cron/crontabs}}} needs to become owned by {{{cron}}} rather than root, a new setuid wrapper program is required which executes the relevant portion of {{{do_command.c/child_process()}}} as root