Ubuntu

Security Team catch-all work for Lucid (high)

Registered by Jamie Strandboge

This is a blueprint for the catch-all high priority security features for Lucid.

Blueprint information

Status:
Complete
Approver:
Robbie Williamson
Priority:
High
Drafter:
Jamie Strandboge
Direction:
Approved
Assignee:
Kees Cook
Definition:
Approved
Series goal:
Accepted for lucid
Implementation:
Implemented
Milestone target:
None
Started by
Jamie Strandboge
Completed by
Kees Cook

Related branches

Sprints

Whiteboard

Feedback jdstrand: results of investigation of switching the apparmor profile on during the dev cycle can be seen in: https://wiki.ubuntu.com/SecurityTeam/Specifications/Karmic/AppArmorFirefoxProfile#Future%20Work. Basically, it is not recommended at this time. Will ask developers to enable it in ubuntu-devel@ at the same time as asking them to turn on apparmor-notify.

Work items:
develop and run performance tests for evince: DONE
develop and run performance tests for firefox: DONE
create proof-of-concept fscaps handling in dpkg: POSTPONED
present fscaps ideas to Debian: POSTPONED
block execution of EXE files (wine) lacking execute bit (bug 506702): DONE
block execution of desktop files (nautilus) lacking execute bit (bug 506702): DONE
block execution of JAR files (openjdk-6) lacking execute bit (bug 506702): DONE
block execution of JAR files (sun-java6) lacking execute bit (bug 506702): DONE
[jdstrand] investigate switching apparmor Firefox profile on for Lucid dev cycle: DONE

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.