Security Team catch-all work for Lucid (high)
This is a blueprint for the catch-all high priority security features for Lucid.
Blueprint information
- Status:
- Complete
- Approver:
- Robbie Williamson
- Priority:
- High
- Drafter:
- Jamie Strandboge
- Direction:
- Approved
- Assignee:
- Kees Cook
- Definition:
- Approved
- Series goal:
- Accepted for lucid
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Jamie Strandboge
- Completed by
- Kees Cook
Related branches
Related bugs
Sprints
Whiteboard
Feedback jdstrand: results of investigation of switching the apparmor profile on during the dev cycle can be seen in: https:/
Work items:
develop and run performance tests for evince: DONE
develop and run performance tests for firefox: DONE
create proof-of-concept fscaps handling in dpkg: POSTPONED
present fscaps ideas to Debian: POSTPONED
block execution of EXE files (wine) lacking execute bit (bug 506702): DONE
block execution of desktop files (nautilus) lacking execute bit (bug 506702): DONE
block execution of JAR files (openjdk-6) lacking execute bit (bug 506702): DONE
block execution of JAR files (sun-java6) lacking execute bit (bug 506702): DONE
[jdstrand] investigate switching apparmor Firefox profile on for Lucid dev cycle: DONE