ProactiveSecurityRoadmap

Differences between revisions 9 and 10
Revision 9 as of 2005-04-12 15:02:13
Size: 1848
Editor: pD9EB3351
Comment: notes about stack smash protections
Revision 10 as of 2005-04-12 15:38:27
Size: 1917
Editor: pD9E84A48
Comment: updated cron status
Line 28:

Deleted: MartinPitt: daemon needs to run as group {{{crontab}}}, {{{/var/spool/cron/crontabs}}} needs to become owned by {{{cron}}} rather than root, a new setuid wrapper program is required which executes the relevant portion of {{{do_command.c/child_process()}}} as root

Added: MartinPitt: Parsing the crontabs as normal user and introducing a minimal setuid wrapper for actually executing the commands as the target user will not help to improve security; the remaining stuff (timer and signal handling) does not accept user input and thus is not very error prone. I do not really have a good idea about this.

People

Goal

Proactively improve security for Breezy

Requirements

Agenda

Pre-Work

  • Research privilege requirements of cron

    MartinPitt: Parsing the crontabs as normal user and introducing a minimal setuid wrapper for actually executing the commands as the target user will not help to improve security; the remaining stuff (timer and signal handling) does not accept user input and thus is not very error prone. I do not really have a good idea about this.

  • Research privilege requirements of dhclient3

    MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)

  • Research privilege requirements of dhcpd3

    MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available

  • Search for implicit dependencies on inetd via netbase
  • Determine requirements for compile-time stack protection in gcc (4.x?)

    MartinPitt: mudflap comes with gcc 4.0, but does not help in any way to improve proactive security; [http://www.research.ibm.com/trl/projects/security/ssp/ SSP] currently offers the [http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf most effective protection], but does not (currently) work with 4.0 and is unlikely to be accepted upstream
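The dhcpd3 note above (initialise with CAP_NET_RAW and CAP_NET_BIND_SERVICE, then drop everything once the sockets exist) as an added C sketch. This is a constructed illustration, not dhcpd3's or the Ubuntu package's code; it uses the raw capget/capset syscalls so it needs no libcap, and it is Linux only. Function names and the UDP placeholder socket are assumptions.

```c
/* Capability bounding for a dhcpd-style daemon (Linux only). Constructed
   example: open privileged sockets first, then clear all capabilities. */
#define _GNU_SOURCE
#include <linux/capability.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Thin wrappers around the raw syscalls; libcap is not required. */
static int cap_get(struct __user_cap_header_struct *h,
                   struct __user_cap_data_struct *d) {
    return (int)syscall(SYS_capget, h, d);
}
static int cap_set(struct __user_cap_header_struct *h,
                   const struct __user_cap_data_struct *d) {
    return (int)syscall(SYS_capset, h, d);
}

/* Keep only the capabilities in `keep` (bitmask over CAP_* numbers < 32)
   in the permitted and effective sets; everything else is cleared.
   Inheritable stays empty, so an execve()d helper such as a dhclient-script
   wrapper receives no capabilities from us. Returns 0 on success. */
int limit_caps(uint32_t keep) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];     /* V3 uses two 32-bit words */
    memset(data, 0, sizeof data);
    data[0].permitted = keep;
    data[0].effective = keep;
    return cap_set(&hdr, data);
}

/* Bitmask of the low 32 capabilities currently in the effective set. */
uint32_t effective_caps(void) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (cap_get(&hdr, data) != 0) return 0;
    return data[0].effective;
}

/* Initialisation phase: the daemon starts with CAP_NET_RAW and
   CAP_NET_BIND_SERVICE (initial mask shown for reference), creates its
   sockets, and only then drops to a plain unprivileged process. */
static const uint32_t INIT_CAPS = (1u << CAP_NET_RAW) | (1u << CAP_NET_BIND_SERVICE);
int init_and_drop(int *sock_out) {
    int s = socket(AF_INET, SOCK_DGRAM, 0);   /* placeholder for the real DHCP sockets */
    if (s < 0) return -1;
    *sock_out = s;
    return limit_caps(0);                     /* no capability survives past here */
}
```

Run unprivileged, only the drop step is exercised; as root the same call sequence leaves the process with an empty effective set after the sockets are open.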

UbuntuDownUnder/BOFs/ProactiveSecurityRoadmap (last edited 2008-08-06 16:18:54 by localhost)