Ubuntu Wiki

Security track: http://summit.ubuntu.com/uds-o/track/security

Security Community Improvement

Summary: Discuss how to grow the Ubuntu Security Community

Blueprint: security-o-community

Work items:

• [dholbach] look at new documentation for where we should be linked in
• [jdstrand] fix bug 702005 (new packaging guide about dealing with security updates in stable). Simplified version?
• [jdstrand] review our documentation and compare with new packaging guide (it is task based with knowledge linked off it or simpler pages and workflow)
• [dholbach] look at pbuilder-dist and see if it uses -security and -updates (bug 781003): DONE
• [hypatia] approach local universities to participate in auditing code
• [jdstrand] develop process to create target CVEs for every couple weeks which the community role can use
• [jdstrand] coordinate with dholbach on developer initiatives and create a weekly or monthly list of packages 10-15
• [micahg] check on mozilla ppa updates aren't going to changes
• [kees] add references to secure programming documentation off the security FAQ

AppArmor

Summary: Three sessions with the first two discussing what items we need to work on over the next year (ie, for the next LTS), with the third prioritizing the work for Oneiric.

Blueprints:

• Blueprint: security-o-apparmor-dev1

• Blueprint: security-o-apparmor-dev2

• Blueprint: security-o-apparmor-ubuntu

Items to bring forward (see security-o-apparmor-ubuntu for specific work items):

• Userspace tools:
  • flip rate limiting bit when using aa-genprof
  • does not offer to edit abstractions
  • doesn't suggest to use variable (@{PROC} and @{HOME})
  • suggesting community profiles
  • tool workflow
    • globbing in profile attachments and naming
    • is aa-logprof still viable?
  • named profiles and binary globbing (all tools)
  • P[Uu]x not supported
  • some bug jj knows about that is hard to describe (and has fix)
  • (needs further breakdown) userspace needs to migrate away from needing compat patches (ie, use new introspection interface) -- need other bp
  • v3 tagging
  • [mdeslaur] aa-notify rate limiting/summarizing

  • AppArmor testing on ARM

  • AppArmor LXC integration

  • perl on ISO
• Kernel/parser:
  • parser memory usage (patch pending)

  • ipc: see security-o-apparmor-dbus

  • network
    • stage 1
  • extended permission
    • mount
    • chmod, chown
    • setuid, ....
  • Oish (break into work items) introspection interface
  • Oish (break into work items) dfa improvements
  • set load
  • rcu
  • v3 tag and keep semantics as we go forward
  • Oish modularization of LSM discussion started

2-Factor Authentication

Summary: Discuss how to implement sensible and friendly two-factor authentication into Ubuntu.

Blueprint: security-o-2factor-auth

Work items:

• [mdeslaur] Create a test PAM module that exercises unusual interactions (PIN, challenge-response)
• [mdeslaur] Document recommended 2-factor mechanism
• [kees] examine available hardware tokens and find something sufficiently cheap to recommend

Screenlocking and interactions with Compiz

Summary: Discuss how to better handle screenlocking when using Compiz.

Blueprint: security-o-compiz-screenlocking

Work items:

• [mdeslaur] find simple reproducer and can assign to amaranth or smspillaz
• [amaranth] implement gnome-shell style screen locking in compiz plugin

Security tracking improvements

Summary: Discuss how to improve the USN announcements and the CVE tracker

Blueprint: security-o-tracking

Work items:

• [jdstrand] write up example text for issue summaries for example classes of software/users
• [jdstrand] write wiki page to link from update instructions (desktop and server sections)
• [kees] implement database for overrides

Security Catch-all

Summary: Implement various additional security things for Oneiric that don't need a full blueprint of their own. This blueprint also lists the discussions and work items coming out of the morning roundtables.

Blueprint: security-o-catch-all

Work items:

• [kees] upstream remaining 2 testsuite cleanups
• [kees] find and fix any newly created testsuite failures in gcc 4.6
• [kees] create a set of docs for how to run the testsuites and get good results out of them for fixing future issues
• [jdstrand] internal self-analysis of LTS releases
• [mdeslaur] fix openssl reboot notification for desktop
• [jdstrand] Send and announcement saying that we are no longer sending security announcement to bugtraq and full-disclosure
• [broder] write a script to report -backports packages that need an update due to -security
• [mvo] add dialog to PPA to show description and ask for confirmation
• [kees] rest API that exports json (eg lucid/main/mysql and this dumps CVEs
• [mdeslaur] followup with mvo to update dash and software center (filter it out)
• [mvo] to write tool to report security status of installed packages
• [jdstrand] bring idea of 'check orig tarball' via watch files up to foundations

Future:

• [mdeslaur] investigate getting rulesets for mod_security automatically, and possibly providing those if they don't exist
• [mdeslaur] investigate if mod_security meets MIR requirements
• [mdeslaur] talk to server team about championing mod_security, and getting it in the server seeds
• [sbeattie] contact cr3 about frameworks in use and how they deal with private data
• [kees] ask cjwatson about disabling password auth in openssh-- if there is any more we can do
• [mdeslaur] discuss with server team the possibility of disabling password auth with cloud via orchestra
• [sbeattie] have ability to choose what kinds of tests to run (functional, security, regressions)
• [kees] have ability to disable network tests
• [mdeslaur] document how to audit policykit (relationships, where to look, how to examine one application, how to examine the archive)

Archive Security Audits

Summary: Information gathering discussion on how to better manage the influx of potentially insecure packages/changes into the devel archive.

Blueprint: security-o-archive-audits