ProactiveSecurityRoadmap

Revision 7 as of 2005-04-12 12:18:53

Clear message

People

Goal

Proactively improve security for Breezy

Requirements

Agenda

Pre-Work

  • Research privilege requirements of cron
  • Research privilege requirements of dhclient3

    MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)

  • Research privilege requirements of dhcpd3

    MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available

  • Search for implicit dependencies on inetd via netbase
  • Determine requirements for compile-time stack protection in gcc (4.x?)