People

• MartinPitt

• MatthiasKlose

• BrandonHale

Goal

Proactively improve security for Breezy

Requirements

• Run cron as non-root?
• Run dhclient3 as non-root?
• Run dhcpd3 as non-root?

• Change unix_chkpwd from suid root to sgid shadow (see [http://bugs.debian.org/155583 #155583])

• Eliminate inetd from base
• Compile-time stack protection?
• Non-executable stack for i386?

  • Some info already compiled http://ubuntu.com/wiki/UbuntuHardened

Agenda

Pre-Work

• Research privilege requirements of cron

  MartinPitt: daemon needs to run as group crontab, /var/spool/cron/crontabs needs to become owned by cron rather than root, a new setuid wrapper program is required which executes the relevant portion of do_command.c/child_process() as root

• Research privilege requirements of dhclient3

  MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE; needs a suid wrapper to call /etc/dhcp3/dhclient-script; prototypical package available; pending security review of dhclient-script (proper quoting, etc.)

• Research privilege requirements of dhcpd3

  MartinPitt: normal user with CAP_NET_RAW and CAP_NET_BIND_SERVICE for initialization phase; can be dropped after socket creation; prototypical package available

• Search for implicit dependencies on inetd via netbase
• Determine requirements for compile-time stack protection in gcc (4.x?)