##(see the SpecSpec for an explanation) ## Register at https://launchpad.net/distros/ubuntu/+specs * '''Launchpad entry''': none yet * '''Created''': <> by JohnMoser * '''Contributors''': JohnMoser * '''Packages affected''': == Summary == This spec defines a hardened kernel aspect of the Ubuntu Hardened Team specified in HardenedUbuntu: The Ubuntu Hardened Kernel Team == Rationale == Systems with specific security concerns may require a specifically secure kernel. A special Hardened kernel should be supplied containing these specific security features. == Use cases == * Sun Microsystems decides to offer more secure Ubuntu-based Athlon 64 servers. It has a choice between standard SELinux-enabled kernels with stack and `mmap()` randomization; or grsecurity-enabled kernels with stack, heap, mmap(), and main executable randomization that can take SELinux or grsecurity policy and use the grsecurity policy learning code. == Scope == The Ubuntu Hardened Kernel Team will be responsible for managing and maintaining a separate hardened kernel. Their responsibilities will be as such: * Determine what security features need to be added to a specially hardened kernel on top of an Ubuntu stock kernel. * Determine which features can safely be maintained in an Ubuntu stock kernel and supply the Ubuntu Kernel Team patches for any such features that are accepted. * Work with the Ubuntu Kernel Team to maintain full security patches on both kernels. * If a security patch is not available, find or create a temporary work-around if possible. * Maintain communication with other hardened distributions and with upstream kernel hardening projects such as PaX and grsecurity. == Design == == Implementation == Among the list of features that the Ubuntu Hardened Kernel should include are: * grsecurity; this supplies: * Automatic, self-learning RBAC system for mandatory access control * Associating terminals with IP addresses connected to the creating process * Auditing of a specific group * Process ID randomization * `chroot()` jail hardening * Address space randomization brute force deterrence * PaX * Address space randomization for stack, `mmap()`, `brk()` segment, and main executable * High-entropy randomization 8 bits better for `mmap()` and 5 bits better for stack than mainline on i386; even higher on 64-bit architectures. * Enhanced MemoryProtections to prevent `PROT_WRITE|PROT_EXEC` memory and other data-code confusion. * SELinux; can be used as long as the grsecurity RBAC system is not brought up at the same time === Code === Someone will have to merge and maintain the involved patches on top of the stock Ubuntu kernel. === Data preservation and migration === == Unresolved issues == == BoF agenda and discussion == ---- CategorySpec