ProactiveSecurityRoadmap
1468
Comment: added priv requirements of cron
|
1848
notes about stack smash protections
|
Deletions are marked like this. | Additions are marked like this. |
Line 37: | Line 37: |
Line 38: | Line 39: |
MartinPitt: mudflap comes with gcc 4.0, but does not help in any way to improve proactive security; [http://www.research.ibm.com/trl/projects/security/ssp/ SSP] currently offers the [http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf most effective protection], but does not (currently) work with 4.0 and is unlikely to be accepted upstream |
People
Goal
Proactively improve security for Breezy
Requirements
- Run cron as non-root?
- Run dhclient3 as non-root?
- Run dhcpd3 as non-root?
Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])
- Eliminate inetd from base
- Compile-time stack protection?
- Non-executable stack for i386?
Some info already compiled http://ubuntu.com/wiki/UbuntuHardened
Agenda
Pre-Work
- Research privilege requirements of cron
MartinPitt: daemon needs to run as group crontab, /var/spool/cron/crontabs needs to become owned by cron rather than root, a new setuid wrapper program is required which executes the relevant portion of do_command.c/child_process() as root
- Research privilege requirements of dhclient3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)
- Research privilege requirements of dhcpd3
MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available
- Search for implicit dependencies on inetd via netbase
- Determine requirements for compile-time stack protection in gcc (4.x?)
MartinPitt: mudflap comes with gcc 4.0, but does not help in any way to improve proactive security; [http://www.research.ibm.com/trl/projects/security/ssp/ SSP] currently offers the [http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf most effective protection], but does not (currently) work with 4.0 and is unlikely to be accepted upstream
UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)