Hardening Ubuntu Server
Registered by
Ivan Krstić
We should look into adding selective system hardening features to Ubuntu Server, and possibly propagate them to the desktop after sufficient testing. The broken-by-default Edgy release provides a good place to throw in security code that can potentially break things, and see exactly what breaks.
Specifically, we should look at incorporating some of the featureset from grsecurity/PaX, such as ASLR, hardened jails, and some of the TCP/IP and socket security features that grsec provides. In addition, PIE and some memory protections should be considered.
Most of these security mechanisms are kernel-based, so we need buyin from our kernel folks.
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Drafting
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
(?)
