[ubuntu-hardened] list introductions

Kees Cook kees at ubuntu.com
Wed Oct 31 05:15:52 GMT 2007


On Tue, Oct 30, 2007 at 11:55:45PM -0400, Daniel Guido wrote:
> I'm an Information Security student from NYC and I'd really like it if
> we started talking more about gcc, PaX, grsec and encrypted storage
> and less about SELinux. If I see something happening that I feel I can

I've recently been trying to coordinate[1] some toolchain hardening work
with Debian.  It's a pretty central change to how builds happen for
Debian-based distros.

My hope is to get developers testing the hardening-wrapper[2]
during Hardy so that we can enable it for the builds in Hardy+1.  At the
same time, I'd like to try to identify various packages that need to
have patches sent upstream to fix various things like accidentally
leaving their stack executable in from-asm objects linked to their
executables.  There are some of these bugs[3] already filed.

I'd like to try to break the grsec patches up logically and add /proc
runtime toggles for them.  That might make them more interesting to the
upstream kernel folks.  The symlink and hardlink protections are
especially interesting, though they will need wide testing -- they are
reported to break some applications, but I haven't yet found any details
on which and if they can be changed.

> contribute to, I will chime in and help. I can't start or manage any
> projects, college just takes too much time.

If the executable stack bugs are interesting to you, I'd love to see them 
solved.  No need to manage a whole project.  :)


[1] http://wiki.debian.org/Hardening/
[2] http://svn.debian.org/wsvn/hardening
[3] https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/49323

Kees Cook