L
Dumping ground for UDS ideas
KeesCook
- apport hooks (vs https://bugs.edge.launchpad.net/~ubuntu-security/+packagebugs)
- review sponsorship process and compare to security-sponsorship
- http://fedoraproject.org/wiki/Features/LowerProcessCapabilities
- figure out better "screen lock does not work" bug triage process
- filesystem capabilities
- forwarding patches to debian BTS for security updates
- protecting select() users when RLIMIT_NOFILE > 1024 http://sourceware.org/bugzilla/show_bug.cgi?id=10352
- using lxc
- process limit unlimited (LP: #391761)
- readdir_r stack smashing (LP: #392501)
- patch ssh to gain boolean to disable banner
- patch ssh to gain -Wl,-z,now
- patch samba to gain -Wl,-z,now
- upstream NX-emu patch http://www.codemonkey.org.uk/junk/linus-es.txt
- mmap_min back into procps for reset-when-wine-goes-away?
- mmap_min sysctl drop from dosemu, wine http://wiki.debian.org/mmap_min_addr
- procps warns about syncookies
- verify RO+NX kernel patch in 2.6.32+
- review https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
- deroot auditd
- grub2 + TPM
- http://people.canonical.com/~kees/nx-missing into pkg on server & desktop that has translations, preferably tied to x86/x86_64 arch.
- should /proc/kallsyms and /boot/System.map be root-only ?
JamieStrandboge
- apparmor abstractions cleanup
- apparmor usability
- sort out apparmor upstream vs apparmor in ubuntu (is this still needed?)
- ufw
- usability improvements:
- delete by number
- reset
- limit command options
- show listening
- rsyslog
- more reporting
- more work on ufw/upstart/boot integration
- what does server team need/want (eg, ebtables?)
- requested features (eg ufw-simple-gui, nat/rdr, etc)
- libvirt/apparmor features, polishing and maintenance
- bug fixing
- add backing store support
- make sure it works with newer releases
- support features newly supported by the selinux driver
- continue to develop test cases (eg pool-* and vol-* commands)
- run qemu:///system VMs as non-root
- we should generalize and improve the apparmor apport hook
- update firefox profile to work better in KDE (and XFCE)
- implement a way to automatically, but temporarily, subscribe ubuntu-security to package bugs for security uploads
MarcDeslauriers
- Smartcard/USB token authentication
- Certificate on USB disk authentication
Sessions
- (kees) apport hooks (vs https://bugs.edge.launchpad.net/~ubuntu-security/+packagebugs, common security bugs, AA profiled packages, list of reasons why no hook, etc)
- (nxvl) review sponsorship process and compare to security-sponsorship
- (kees) http://fedoraproject.org/wiki/Features/LowerProcessCapabilities (foundations)
- (mdeslaur) screen lock does not work (requires Gnome screen saver folks, Riddell, QA, create "DebuggingScreenLocking", triage borked systems)
- (jdstrand) "How can the Ubuntu Security Team help Debian better?" (debian folks?)
- (kees) Notification of system BIOS failures (NX bit. Needs DX.)
- (jdstrand) apparmor abstractions cleanup
- (jdstrand) apparmor usability in Ubuntu (existing profiles, userspace tools, profile creation, upgrade tunables, reporting denials)
- (kees) AppArmor upstream planning session(s)
- (mdeslaur) Catch-all
- (mdeslaur) 2-factor (Smartcard/USB token/fingerprint/Cert) authentication (soren)
SecurityTeam/UDS/L (last edited 2010-04-26 17:52:01 by pool-71-114-231-221)