People

• MartinPitt

• MatthiasKlose

Goal

Proactively improve security for Breezy

Requirements

• Run cron as non-root?
• Run dhclient3 as non-root?
• Run dhcpd3 as non-root?

• Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])

• Compile-time stack protection?
• Eliminate inetd from base
• Non-executable stack for i386?

Agenda

Pre-Work

• Research privilege requirements of cron, dhclient3, dhcpd3
• Search for implicit dependencies on inetd via netbase
• Determine requirements for compile-time stack protection in gcc (4.x?)