General discussion and security feature catch-all overview
Discuss general Ubuntu security concerns, possibly leading to new UDS sessions. Possible topics:
- UFW improvements (interfaces and egress filtering)
- proper PIE-handling in GDB (current patch barely works, upstream wants more correct approach)
- openjdk-6 testsuite cleanup from default compiler flags
- approach upstream glibc about futility of fwrite checks when lacking fprintf and fclose checks.
- automated Debian-security fetch/try/build system
- bug 56755 have sudo warn if it is prompting on a non-terminal fd
- bug 104602 sort out bad vt interaction between usplash and other applications
- more PIE applications
- get default Private home directory set up, even if ecryptfs not in use
- non-exec stack bugs
- tomoyo packaging
- AppArmor load times (upstream and packaging)
Blueprint information
- Status: Not started
- Approver: Rick Clark
- Priority: Undefined
- Drafter: Kees Cook
- Direction: Needs approval
- Assignee: None
- Definition: Discussion
- Series goal: None
- Implementation: Informational
- Milestone target: None
Whiteboard
The status of these various items is being tracked in https:/
* Discuss general Ubuntu security concerns, possibly leading to new UDS sessions. Some of this is based on:
https:/
* Possible topics:
* UFW improvements (interfaces and egress filtering)
- GUI to turn on and off
- Simplified GUI with on/off and application selectors
- application open by default, but configurable
- enable by default
- disable all by default
- location? control center applets
- port 25 if mail-transport-
- network-manager (create a new network, open it up)
- dynamically detect outbound connections and somehow prompt (only do it if from a user writable directory?)
- unified method to ask security questions
* proper PIE-handling in GDB (current patch barely works, upstream wants more correct approach)
* openjdk-6 testsuite cleanup from default compiler flags
* approach upstream glibc about futility of fwrite checks when lacking fprintf and fclose checks.
* automated Debian-security fetch/try/build system (mom, ubuntuwire (rcbugs), pitti may have some)
- Get a report with some debdiffs the security team could review
- At least open a bug with a failed/fuzzed debdiff that could be used as a starting point for community work
* bug 56755 have sudo warn if it is prompting on a non-terminal fd (Debian said won't fix-- investigate)
- Should be forwarded upstream
* bug 104602 sort out bad vt interaction between usplash and other applications
- corner-case: sulogin with root password and usplash starts
* more PIE applications
- on 64-bit, the perception was that the performance impact was minor, but testing shows it's a 20% slowdown
- Applications need to be targeted so the performance impact is acceptable
- Would like to see pidgin and firefox on the list
- avoid CPU bound apps
- Clamav is already contained and is too cpu-bound to use PIE
- Cyrus is too cpu-bound. I can provide some example (waver)
- Sasl?
- Totem (GStreamer) - very cpu-bound - needs testing to determine if performance impact is acceptable
- Vlc (not in main)
- Security team could make available a PPA for PIE testing, and the community could do performance testing.
- possibly add a comment in the binary that won't get stripped
* get default Private home directory set up, even if ecryptfs not in use
- international issues, would need to be added to the list of folders that are already translated
- user confusion: Is the private directory encrypted or not?
* non-exec stack bugs
* tomoyo packaging
* AppArmor load times (upstream and packaging)
* Others?