Lorenzo Hernández García-Hierro lorenzo at gnu.org
Sun Oct 23 11:52:22 CDT 2005


Hi,

As I commented in the channel and earlier communication on this list,
I'm going to send project status reports and announcements at least
monthly, or if the situation meets special conditions (ie. important
progress or event).

For this month I've got really nice news for all of us and hopefully
this will be that good in the forthcoming months ;).

1 - Progress on vSecurity development and packaging

  a) Documentation

Jeff Schroeder (jeff.schroeder2ATus.army.mil) wrote documentation for
vSecurity's latest features, including cap_over merge. He has been
testing and reporting bugs as well as suggesting features and
improvements.

The documentation is hosted at tuxedo-es.org wiki for collaboration and
security purposes:

 http://wiki.tuxedo-es.org/VSecurityDocumentation

A DocBook version is going to be added to the vSecurity CVS trunk as
soon as we complete it and solve any possible issues; a draft can be
found at:

 http://pearls.tuxedo-es.org/vsecurity/dist/vsec-gettingstarted.sgml

I chose DocBook because it's flexible, has a clean and powerful syntax
and is widely supported and used in documentation projects. Also, there
are many editors and applications out there that support the DocBook
format.

User documentation is not the only thing of interest to us when it
comes to providing information about vSecurity. I've made available a
PDF-format developers' reference (Doxygen-generated) which is going to
be improved soon. Please note that vSecurity is intended to work with
the kernel documentation engine (i.e. comment style, etc.).

 http://pearls.tuxedo-es.org/vsecurity/dist/refman.pdf

 b) New release coming soon: cap_over changes merged

I've committed the changes made to the trunk for CapOver LSM merge. With
these new features, we want to get rid of setuid binaries in the next
Ubuntu Linux release (aka Dapper). Martin Pitt worked on such stuff for
Breezy and Jeff and myself found that we should go a step further and
provide a fine-grained, policy-based engine for capabilities granting
without adding further difficulties to the maintenance and development
process.

 http://www.randombit.net/projects/cap_over/
 http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/vsecurity/

I would like to thank Eugene Teo for the great help on the original
patches for cap_over merge, as well as the comments and fixes on the
vSecurity code for mainline kernel API updates, etc.

Although, I have some bad news about this:

 c) Possible trademark issues

Jeff and others commented that vSecurity might cause trademark-related
issues. I'm not really sure, but I don't think so. For those who don't
know, vSecurity stands for 'vanilla Security' (the main goal of the
project was to bring security technologies to the mainline kernel
without the need of API changes: patches, etc). Although, if I find this
to be an issue, I'll change the name. No big deal. I always asked myself
why I didn't name it the "Flippin' Mainline Security Module" ;). I'll
try to ask around here, but if any lawyer/attorney is reading this,
counseling and guidance will be appreciated.

 d) Kernel freeze (yeah, we also suffer from them, from time to time)

Jeff found a bug that can be reproduced easily in the latest vSecurity
milestones since the 2.6.12 changes. After some research, and also after
asking a fellow (Seth Arnold, thanks for the comments!), I came up with
some possible issues that may be causing the bug:

 - task handling or related code tries to de-allocate a data structure
   field (i.e. task 'security' field) twice at the same time. Kind of
   weird race condition.
 - vsec_inode_permission hook calls is_jailroot_open() which is no
   longer 'inline' since the 2.6.12 API changes.
 - GOBBLES working.

Let's discard the third reason for now. I certainly believe it's the
second one, as after checking with a FC3 kernel I got a nice oops at
is_jailroot_open() and also found issues when trying to compile with
'inline' set on the function prototype (something that header files
don't like). A possible solution is to move that and put it right in the
vsec_hooks.c code. As I'm pretty busy with school, I haven't had time to
check that out. Help will be much appreciated. I hope Eugene or Nguyen
will have more time than me, and also that my pointers to possible
reasons will help in fixing the problem. I might happen to fix the
problem at some bright moment, but right now I have a nice workload
unrelated to this.

2 - Volunteers

I would like to say, once again, that we need volunteers for working on
documentation and keeping the sites and wiki pages up and clean.
Dominik, from Germany, is helping and also willing to work on German
translation of the work. So, thanks and kudos to Dominik.

3 - Hardened Debian/Ubuntu Hardened site updated

I've worked on http://www.debian-hardened.org/doku.php/ and added some
stuff which will give the site a few more chances for being useful. Site
needs some love and documentation should be moved out of the old one.
Here volunteers will be welcome and much appreciated.

4 - Ubuntu Linux Security Center

After reading the thread on Bastille, I could say that the idea is good,
but Bastille has serious issues when it comes to usability. Some time
ago, I talked to John Richard M. about a nice idea that he posted to the
ubuntu-devel list (well, it was first a bug in the Bugzilla). He
proposed an Ubuntu Linux Security Center with a decent GUI, following
usability guidelines and also the Ubuntu Linux philosophy (mpt helped
with usability).

You can't ask the average user "Would you like to enable kernel-based
stack execute protection?".

Although, you can ask him to "Enable protection against common security
threats". It would have to work on profiles (ie. basic, medium,
advanced), and all that stuff.

It can be so-leet and shiny, but it's still useless if only security
junkies can understand it.

I contacted Javier Fernandez-Sanguino once for commenting about Hardened
Debian, and it might be of help to work together with him on it, but I'm
not sure if he shares the same concept of proactive security
technologies deployment with us. Debian is, in general, less receptive
to this stuff, and we are here mainly for solving the
(dis)information problems around these technologies.

 http://wiki.tuxedo-es.org/Ubuntu_Security-Center_design
 (descriptions written by John)

5 - Proposals and Ubuntu Below Zero (UBZ)

A meeting should happen at least monthly in the IRC channel(s) for
listening to the users, people willing to volunteer, etc. It's worth
trying to talk with the Tech Board, as this time we need to work
all together with Ubuntu Linux maintainers. Anyone going to attend
UBZ?

I can't right now (there's no budget for it), but maybe we could talk
and organize something with anyone going to be there.

 --

Many thanks for reading this.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo at gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]