Guest session network lockdown
Martin Pitt
martin.pitt at ubuntu.com
Thu Jul 31 13:34:10 BST 2008
Hi all,
I am currently working on providing a reasonably locked down guest
session by default [1]. This by and large works now, including local
file access restrictions through AppArmor.
The spec also mentions restricting network access to the guest user.
Standard TCP/UDP to the internet should of course be allowed in order
to be useful, but it would be nice to e.g. disallow the usage of VPNs.
This can be implemented with some iptables rules and the 'owner'
module.
However, we didn't talk yet about which particular kind of network
access should be allowed/denied. Some examples that come into my mind,
together with my gut feeling of whether to allow or deny them:
- default route (should certainly be allowed, even if that is through
  a VPN)
- existing VPNs to non-default routes (deny) -> how to detect this?
  OpenVPN uses tun devices, but other solutions work differently;
  e.g. standard ipsec-tools uses regular ethernet interfaces and just
  magically declares the connections as encrypted/signed in kernel
  space; and then there's the Cisco "vpnc" package and a ton of
  others...
- other computers in the LAN (deny)
- ICMP (allow)
- other use cases I have forgotten
All of those should ideally be changeable in some configuration file.
That doesn't exist yet, but is easy to do. Nevertheless we should
provide sane defaults.
Thanks in advance for any feedback,
Martin
[1] https://wiki.ubuntu.com/DesktopTeam/Specs/Intrepid/GuestAccount
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
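
One way the allow/deny list in the message above could map onto iptables rules with the 'owner' match, as an added example that is not part of the original message or the spec. The chain name GUEST_OUT, the UID, the interface, the resolver address and the choice of LAN ranges are assumptions; the script only prints the rules.

```shell
#!/bin/sh
# Added example: prints iptables rules for a guest account; applies nothing.
# Assumed names/values: chain GUEST_OUT, UID 999, eth0, resolver 192.168.1.1.

# Ranges treated here as "other computers in the LAN" (assumption).
LAN_RANGES="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# guest_rules UID DEFAULT_IF "RESOLVER ..."
guest_rules() {
    uid=$1; default_if=$2; resolvers=$3
    echo "iptables -N GUEST_OUT"
    # Only packets from sockets owned by the guest UID enter the chain.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j GUEST_OUT"
    echo "iptables -A GUEST_OUT -o lo -j ACCEPT"
    # Refuse any interface other than the default-route one (e.g. a tun
    # device for a non-default VPN). A VPN that carries the default route
    # passes. IPsec on the same interface is not caught by this rule.
    echo "iptables -A GUEST_OUT ! -o $default_if -j REJECT"
    # DNS resolvers often sit on the LAN; allow them before the LAN deny.
    for r in $resolvers; do
        echo "iptables -A GUEST_OUT -d $r -p udp --dport 53 -j ACCEPT"
        echo "iptables -A GUEST_OUT -d $r -p tcp --dport 53 -j ACCEPT"
    done
    # Deny LAN destinations. Routed internet traffic carries the remote
    # address as destination, so it still passes via the gateway.
    for net in $LAN_RANGES; do
        echo "iptables -A GUEST_OUT -d $net -j REJECT"
    done
    # Standard TCP/UDP and ICMP are allowed; other IP protocols are not.
    for proto in tcp udp icmp; do
        echo "iptables -A GUEST_OUT -p $proto -j ACCEPT"
    done
    echo "iptables -A GUEST_OUT -j REJECT"
}

# Constructed sample values; review the output before piping it to a root shell.
guest_rules 999 eth0 "192.168.1.1"
```

Rule order carries the policy: the resolver exceptions must precede the LAN deny, and the final REJECT is what keeps non-TCP/UDP/ICMP protocols out.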