Hardening Ubuntu Server

Registered by Ivan Krstić on 2006-06-21

We should look into adding selective system hardening features to Ubuntu Server, and possibly propagate them to the desktop after sufficient testing. The broken-by-default Edgy release provides a good place to throw in security code that can potentially break things, and see exactly what breaks.

Specifically, we should look at incorporating some of the featureset from grsecurity/PaX, such as ASLR, hardened jails, and some of the TCP/IP and socket security features that grsec provides. In addition, PIE and some memory protections should be considered.

Most of these security mechanisms are kernel-based, so we need buyin from our kernel folks.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Drafting
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.