General discussion and security feature catch-all overview

Registered by Kees Cook on 2009-04-28

Discuss general Ubuntu security concerns, possibly leading to new UDS sessions. Possible topics:
    - UFW improvements (interfaces and egress filtering)
    - proper PIE-handling in GDB (current patch barely works, upstream wants more correct approach)
    - openjdk-6 testsuite cleanup from default compiler flags
    - approach upstream glibc about futility of fwrite checks when lacking fprintf and fclose checks.
    - automated Debian-security fetch/try/build system
    - bug 56755 have sudo warn if it is prompting on a non-terminal fd
    - bug 104602 sort out bad vt interaction between usplash and other applications
    - more PIE applications
    - get default Private home directory set up, even if ecryptfs not in use
    - non-exec stack bugs
    - tomoyo packaging
    - AppArmor load times (upstream and packaging)

Blueprint information

Status:
Not started
Approver:
Rick Clark
Priority:
Undefined
Drafter:
Kees Cook
Direction:
Needs approval
Assignee:
None
Definition:
Discussion
Series goal:
None
Implementation:
Informational
Milestone target:
None

Whiteboard

The status of these various items is being tracked in https://wiki.ubuntu.com/SecurityTeam/Roadmap.

* Discuss general Ubuntu security concerns, possibly leading to new UDS sessions. Some of this is based on:
https://wiki.ubuntu.com/SecurityTeam/Roadmap#Unscheduled%20Wishlist%20Items

* Possible topics:
 * UFW improvements (interfaces and egress filtering)
  * GUI to turn it on and off
    - Simplified gui with on/off and application selectors
  * application open by default, but configurable
  * enable by default
  * disable all by default
  * location? control center applets
  * port 25 if mail-transport-agent is installed
  * network-manager (create a new network, open it up)
  * dynamically detect outbound connections and somehow prompt (only do it if from a user writable directory?)

 * unified method to ask security questions
 * proper PIE-handling in GDB (current patch barely works, upstream wants more correct approach)
 * openjdk-6 testsuite cleanup from default compiler flags
 * approach upstream glibc about the futility of fwrite checks when fprintf and fclose are not checked.
 * automated Debian-security fetch/try/build system (mom, ubuntuwire (rcbugs), pitti may have some)
   - Get a report with some debdiffs the security team could review
   - At least open a bug with a failed/fuzzed debdiff that could be used as a starting point for community work
 * bug 56755 have sudo warn if it is prompting on a non-terminal fd (Debian said won't fix; investigate)
   - Should be forwarded upstream
 * bug 104602 sort out bad vt interaction between usplash and other applications
   - corner-case: sulogin with root password and usplash starts
 * more PIE applications
   - on 64 bit, the perception was that the performance impact was minor, but testing shows it's a 20% slowdown
   - Applications need to be targeted so the performance impact is acceptable
   - Would like to see pidgin and firefox on the list
   - avoid CPU-bound apps
   - ClamAV is already contained and is too CPU-bound to use PIE
   - Cyrus is too CPU-bound. I can provide some examples (waver)
   - Sasl?
   - Totem (GStreamer) - very CPU-bound - needs testing to determine if the performance impact is acceptable
   - Vlc (not in main)
   - Security team could make available a PPA for PIE testing, and the community could do performance testing.
   - possibly add a comment in the binary that won't get stripped
 * get default Private home directory set up, even if ecryptfs not in use
   - international issues, would need to be added to the list of folders that are already translated
   - user confusion: Is the private directory encrypted or not?
 * non-exec stack bugs
 * tomoyo packaging
 * AppArmor load times (upstream and packaging)

* Others?

(?)

Work Items