Re: About Ubuntu security
On Wed, Aug 01, 2007 at 02:18:24PM -0700, Ng, Cheon-woei wrote:
> I saw a good security features table for FC and RH at
> http://www.awe.com/mark/blog/200701041544.html
>
> Maybe you can consider adding similar type of table to the security FAQ
> you are about to write?

Yes, that's what originally inspired me actually. :) What I'd like to add, though, is some detailed information about each technology and what areas of vulnerabilities they mitigate. I'd like to have a "coverage" table more than a "feature" table, though they are frequently similar.

-Kees

--
Kees Cook

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
RE: About Ubuntu security
Hi Kees,

I saw a good security features table for FC and RH at http://www.awe.com/mark/blog/200701041544.html

Maybe you can consider adding similar type of table to the security FAQ you are about to write?

Cheon-Woei Ng
Re: About Ubuntu security
Hi,

On Tue, Jul 31, 2007 at 05:57:24PM -0700, Kees Cook wrote:
> > About AppArmor, it is ready to use? What profiles are available now?
> > Will there be any utilities?
>
> I will let Mathias answer this in more detail, but yes, it is ready for
> testing (if you're testing the Gutsy development cycle -- I would urge
> you to do so if you're interested in AppArmor).
>
> For profiles, see the contents of the "apparmor-profiles" package:
>
> http://packages.ubuntu.com/cgi-bin/search_contents.pl?word=apparmor-profiles&searchmode=filelist&case=insensitive&version=gutsy&arch=i386&page=1&number=all
>
> All the regular AppArmor utilities are available. There are plans for
> GUI tools: https://wiki.ubuntu.com/SecurityModuleAdminTool
>
> For more details: https://help.ubuntu.com/community/AppArmor
>

As Kees already mentioned, AppArmor is well integrated into Gutsy. We're currently focusing on testing it and generating profiles. The testing plan is outlined here: https://wiki.ubuntu.com/Testing/Server/AppArmor.

The utilities are currently command line tools: besides management tools, there are scripts that help generate and update profiles. The user guide at https://help.ubuntu.com/community/AppArmor contains all the information that is needed to run AppArmor.

Thank you,

--
Mathias
Re: About Ubuntu security
On Tue, Jul 31, 2007 at 04:39:31PM -0700, Ng, Cheon-woei wrote:
> Another security option mentioned to me is to compile applications with
> this option: -D_FORTIFY_SOURCE=2.

Correct (though it requires -O2 or higher too). This solves another class of sprintf-instead-of-snprintf bugs, by letting the compiler call the size-limiting versions of functions when it knows the size of a target buffer. For example, this code:

    #include <stdio.h>

    int func(char *input) {
        char buf[80];
        sprintf(buf,"stuff: %s\n",input);
        printf("%s",buf);
        return 0;
    }

is turned (at compile time) into:

    int func(char *input) {
        char buf[80];
        snprintf(buf,80,"stuff: %s\n",input); /* this is now snprintf */
        printf("%s",buf);
        return 0;
    }

> Is this option part of gcc in Ubuntu?

This needs to be changed on a per-package basis in Ubuntu at the moment, but there are plans to create a more centralized set of compile-time options when building the archive. Some of the discussion is here: https://lists.ubuntu.com/archives/ubuntu-devel/2007-May/023597.html

-Kees

--
Kees Cook
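The condition in the message above, "when it knows the size of a target buffer", sketched as an added example (not code from this thread or from glibc): the GCC/Clang builtin `__builtin_object_size` yields the destination size when the compiler can see the object and `(size_t)-1` when only a pointer is visible. The macro, enum and function names are hypothetical.

```c
/* Added illustration; not code from this thread or from glibc.
 * Every name here is hypothetical except __builtin_object_size,
 * which is a real GCC/Clang builtin. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value the builtin yields when the compiler cannot tell the object size. */
#define SIZE_UNKNOWN ((size_t)-1)

enum fmt_result { FMT_OK = 0, FMT_TRUNCATED = -1, FMT_UNBOUNDED = -2 };

/* Size-limited formatting: writes at most dstsz bytes and reports truncation. */
static enum fmt_result format_bounded(char *dst, size_t dstsz, const char *input)
{
    int n;

    if (dstsz == SIZE_UNKNOWN || dstsz == 0)
        return FMT_UNBOUNDED;      /* no bound available: refuse to write */
    n = snprintf(dst, dstsz, "stuff: %s\n", input);
    if (n < 0 || (size_t)n >= dstsz)
        return FMT_TRUNCATED;      /* did not fit; dst holds a cut-off string */
    return FMT_OK;
}

/* Ask the compiler for the destination size at the call site. */
#define FORMAT_CHECKED(dst, input) \
    format_bounded((dst), __builtin_object_size((dst), 1), (input))

/* Case 1: the array is visible where the call is made, so its size is known. */
size_t size_seen_for_local_array(void)
{
    char buf[80];
    return __builtin_object_size(buf, 1);
}

enum fmt_result format_into_local_array(const char *input)
{
    char buf[80];
    return FORMAT_CHECKED(buf, input);
}

/* Case 2: only a pointer arrives here. noinline keeps the caller's array out
 * of sight, as it would be across a library boundary. There is no size to
 * enforce; this sketch refuses the write so the gap is visible. */
__attribute__((noinline))
enum fmt_result format_via_pointer(char *dst, const char *input)
{
    return FORMAT_CHECKED(dst, input);
}

/* Demo helper: format a constructed input of `len` 'A' characters. */
enum fmt_result format_input_of_length(size_t len)
{
    char input[256];

    if (len >= sizeof input)
        len = sizeof input - 1;
    memset(input, 'A', len);
    input[len] = '\0';
    return format_into_local_array(input);
}

int main(void)
{
    char buf[80];

    printf("size seen for local array: %zu\n", size_seen_for_local_array());
    /* "stuff: " (7) + input + "\n" (1) + NUL must fit in 80 bytes. */
    printf("71-char input: %d\n", format_input_of_length(71));
    printf("72-char input: %d\n", format_input_of_length(72));
    printf("via pointer:   %d\n", format_via_pointer(buf, "short"));
    return 0;
}
```

A destination reached only through a pointer parameter is the case where a compile-time size check has nothing to work with, so such call sites still need explicit length handling.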
Re: About Ubuntu security
On Tue, Jul 31, 2007 at 09:39:28AM -0700, Ng, Cheon-woei wrote:
> I meant in general, a device driver has access to all of kernel memory.
> Actually I am not aware of /dev/mem exploit; I will need to do some
> research. : )

Right, you are correct about the design of the Linux kernel drivers. The /dev/mem issue is that programs that write to /dev/mem need to be limited to only a small region of all kernel memory (to access video devices, as I understand it). I haven't looked into this in any depth yet.

> About AppArmor, it is ready to use? What profiles are available now?
> Will there be any utilities?

I will let Mathias answer this in more detail, but yes, it is ready for testing (if you're testing the Gutsy development cycle -- I would urge you to do so if you're interested in AppArmor).

For profiles, see the contents of the "apparmor-profiles" package:

http://packages.ubuntu.com/cgi-bin/search_contents.pl?word=apparmor-profiles&searchmode=filelist&case=insensitive&version=gutsy&arch=i386&page=1&number=all

All the regular AppArmor utilities are available. There are plans for GUI tools: https://wiki.ubuntu.com/SecurityModuleAdminTool

For more details: https://help.ubuntu.com/community/AppArmor

-Kees

--
Kees Cook
RE: About Ubuntu security
One more question to the community.

Another security option mentioned to me is to compile applications with this option: -D_FORTIFY_SOURCE=2.

Is this option part of gcc in Ubuntu?

Woei
RE: About Ubuntu security
Hi Kees,

Thanks again!

I meant in general, a device driver has access to all of kernel memory. Actually I am not aware of /dev/mem exploit; I will need to do some research. : )

About AppArmor, it is ready to use? What profiles are available now? Will there be any utilities?

Woei

-----Original Message-----
From: Kees Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, July 30, 2007 5:29 PM
To: Ng, Cheon-woei
Cc: ubuntu-server@lists.ubuntu.com
Subject: Re: About Ubuntu security

On Mon, Jul 30, 2007 at 05:15:34PM -0700, Ng, Cheon-woei wrote:
> Thanks for the excellent answers!

You're welcome! Your questions are forming the basis of my Ubuntu security FAQ, so really I should be thanking you. :)

> I also have a question on the kernel memory space security.
>
> Based on an experiment created by Mark Allyn (my colleague), if a device
> driver (like audio driver) is poorly written without boundary check, a
> user could exploit that security hole and can easily read or write to
> anywhere in the kernel memory space via an interface like /dev/audio.
>
> Is there any security features in Ubuntu that prevent such exploit? So
> far the only solution mentioned is to submit all device drivers for
> rigorous peers review.

Do you mean the /dev/mem interface, or that in general, device drivers have access to all of kernel memory?

I am currently unaware of any in-kernel memory segmentation plans. There are upstream plans to implement a form of stack-protection for kernel functions, which should help minimize some attack vectors in buggy drivers.

As for /dev/mem, I will need to check the state of progress. There are no Ubuntu-specific changes that I know of, but I know there was work in various upstreams (e.g. kernel and X.org) to deal with the identified deficiencies with that interface.

-Kees

--
Kees Cook
Re: About Ubuntu security
On Mon, 2007-07-30 at 21:10 -0400, James Strandboge wrote:
> Remember you can use capabilities to prevent loading of modules, so you
> can prevent those buggy drivers from loading at all. See:
>
> man capabilities
> man lcap (lcap is in universe)
> http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt
> (section 10.4.2.1)

I meant to also add:
http://www.linuxjournal.com/article/5737

Also, in case you aren't aware, if removing CAP_SYS_MODULE, be sure to do it *after* removing all other capabilities. Removing CAP_SYS_MODULE removes access to /proc/sys/kernel/cap-bound (permission denied), and you will thereafter not be able to adjust your capabilities any further (until reboot that is).

Jamie Strandboge
Re: About Ubuntu security
On Mon, 2007-07-30 at 17:29 -0700, Kees Cook wrote:
> I am currently unaware of any in-kernel memory segmentation plans.
> There are upstream plans to implement a form of stack-protection for
> kernel functions, which should help minimize some attack vectors in
> buggy drivers.

Remember you can use capabilities to prevent loading of modules, so you can prevent those buggy drivers from loading at all. See:

man capabilities
man lcap (lcap is in universe)
http://www.debian.org/doc/manuals/securing-debian-howto/securing-debian-howto.en.txt (section 10.4.2.1)

Jamie Strandboge
Re: About Ubuntu security
On Mon, Jul 30, 2007 at 05:15:34PM -0700, Ng, Cheon-woei wrote:
> Thanks for the excellent answers!

You're welcome! Your questions are forming the basis of my Ubuntu security FAQ, so really I should be thanking you. :)

> I also have a question on the kernel memory space security.
>
> Based on an experiment created by Mark Allyn (my colleague), if a device
> driver (like audio driver) is poorly written without boundary check, a
> user could exploit that security hole and can easily read or write to
> anywhere in the kernel memory space via an interface like /dev/audio.
>
> Is there any security features in Ubuntu that prevent such exploit? So
> far the only solution mentioned is to submit all device drivers for
> rigorous peers review.

Do you mean the /dev/mem interface, or that in general, device drivers have access to all of kernel memory?

I am currently unaware of any in-kernel memory segmentation plans. There are upstream plans to implement a form of stack-protection for kernel functions, which should help minimize some attack vectors in buggy drivers.

As for /dev/mem, I will need to check the state of progress. There are no Ubuntu-specific changes that I know of, but I know there was work in various upstreams (e.g. kernel and X.org) to deal with the identified deficiencies with that interface.

-Kees

--
Kees Cook
RE: About Ubuntu security
Hi Kees,

Thanks for the excellent answers!

I also have a question on the kernel memory space security.

Based on an experiment created by Mark Allyn (my colleague), if a device driver (like audio driver) is poorly written without boundary check, a user could exploit that security hole and can easily read or write to anywhere in the kernel memory space via an interface like /dev/audio.

Is there any security features in Ubuntu that prevent such exploit? So far the only solution mentioned is to submit all device drivers for rigorous peers review.

Thanks again.

Sincerely,
Woei

-----Original Message-----
From: Kees Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, July 30, 2007 4:56 PM
To: Ng, Cheon-woei
Cc: ubuntu-server@lists.ubuntu.com
Subject: Re: About Ubuntu security

On Mon, Jul 30, 2007 at 09:01:36AM -0700, Ng, Cheon-woei wrote:
> It is my understanding that user space buffer overflow exploits (like
> SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> Gutsy because of implementation of security measures like Address Space
> Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
>
> Questions:
> 1. Is my assumption correct?

For the most part, yes. I like saying "nearly" impossible instead of "basically". Overflow protections can't protect against arbitrary memory-writing bugs, but the ASLR helps make this much harder too.

> 2. Are there any other security measures that I did not mention and I
> should know of?

One bit that didn't get much hype was the heap link-checking was added via glibc 2.5 in Feisty.

> 3. Is there a link repository where I could find all details of the
> security features included in Feisty Fawn or Gutsy? For example, I am
> looking for a dedicated place in Ubuntu.com where I could find answers
> for questions like these:

There isn't, but writing such a document is near the top of my TODO list.

> a. Is the Address Space Layout Randomization based on PaX?

AFAIK, the ASLR in mainline kernels is based on the work done in RHEL. If that was based on PaX, I'm not certain.

> b. When was this security measure included in Ubuntu?

Stack ASLR happened in Dapper, library (mmap) ASLR happened in Edgy. ASLR of text was going to happen for Feisty, but was pulled from mainline kernels at the last minute. I'm working on getting it back in.

> c. How many bits are randomized?

IIRC, 20 bits.

> d. Is function table randomized?

Do you mean libc function tables? I don't think this will be in Gutsy, as it was only very recently introduced in mainline glibc.

> e. Is Stack Guard part of all applications included in Feisty
> Fawn?

All packages built during and since the Edgy cycle would have been compiled with stack protection. I'm intending to go through and make sure any needing it are rebuilt for sure.

-Kees

--
Kees Cook
Re: About Ubuntu security
On Mon, Jul 30, 2007 at 05:51:28PM -0400, Rick Clark wrote:
> NX support for 32 bit requires the HIGHMEM64 option to be enabled in the
> kernel. Unfortunately, this makes some 32 bit processors fail to boot.
> I think it is worth discussing enabling it, as most of the processors
> that fail are either very old or laptop centric.

Additionally, only more recent ia32 processors support the nx bit when in PAE mode (HIGHMEM64). You can check with:

    cat /proc/cpuinfo | grep ^flags | grep nx

> This list is an excellent place to give an opinion, though. I
> personally like PaX, especially its ability to simulate NX, on
> unsupported hardware. This would allow us to get around the 32 bit
> problem.

I'm a fan of the execshield segmentation patches, but Ubuntu has traditionally not had the resources to carry the delta for this. With the other mitigation systems in place, I'm less worried about this "gap" in coverage. Besides, if an attacker can gain control of a program's stack, they can still use text ret-chaining to execute "arbitrary" code[1]. This is why I've been focusing on getting text ASLR working again instead of looking at the segmentation patches.

If someone could take on the task of getting the segmentation patches taken by upstream, I would be very grateful.

-Kees

[1] http://www.suse.de/~krahmer/no-nx.pdf

--
Kees Cook
Re: About Ubuntu security
On Mon, Jul 30, 2007 at 09:01:36AM -0700, Ng, Cheon-woei wrote:
> It is my understanding that user space buffer overflow exploits (like
> SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> Gutsy because of implementation of security measures like Address Space
> Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
>
> Questions:
> 1. Is my assumption correct?

For the most part, yes. I like saying "nearly" impossible instead of "basically". Overflow protections can't protect against arbitrary memory-writing bugs, but the ASLR helps make this much harder too.

> 2. Are there any other security measures that I did not mention and I
> should know of?

One bit that didn't get much hype was the heap link-checking was added via glibc 2.5 in Feisty.

> 3. Is there a link repository where I could find all details of the
> security features included in Feisty Fawn or Gutsy? For example, I am
> looking for a dedicated place in Ubuntu.com where I could find answers
> for questions like these:

There isn't, but writing such a document is near the top of my TODO list.

> a. Is the Address Space Layout Randomization based on PaX?

AFAIK, the ASLR in mainline kernels is based on the work done in RHEL. If that was based on PaX, I'm not certain.

> b. When was this security measure included in Ubuntu?

Stack ASLR happened in Dapper, library (mmap) ASLR happened in Edgy. ASLR of text was going to happen for Feisty, but was pulled from mainline kernels at the last minute. I'm working on getting it back in.

> c. How many bits are randomized?

IIRC, 20 bits.

> d. Is function table randomized?

Do you mean libc function tables? I don't think this will be in Gutsy, as it was only very recently introduced in mainline glibc.

> e. Is Stack Guard part of all applications included in Feisty
> Fawn?

All packages built during and since the Edgy cycle would have been compiled with stack protection. I'm intending to go through and make sure any needing it are rebuilt for sure.

-Kees

--
Kees Cook
RE: About Ubuntu security
Rick & Ubuntu List:

Thanks for getting back to me.

I forgot to ask one more thing; I realize that NX is not the only thing that can be added to the kernel. There is also the ideas such as Address Layout Randomization or any other feature of either PAX or ExecShield? Does anyone know of plans for including these in the kernel for Ubuntu?

Thanks

Mark Allyn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Clark
Sent: Monday, July 30, 2007 2:51 PM
To: ubuntu-server@lists.ubuntu.com
Subject: RE: About Ubuntu security

Mark,

Currently, the plan is to include AppArmor in the Gutsy release. No decision has been made as to any other security architecture.

NX support for 32 bit requires the HIGHMEM64 option to be enabled in the kernel. Unfortunately, this makes some 32 bit processors fail to boot. I think it is worth discussing enabling it, as most of the processors that fail are either very old or laptop centric.

This list is an excellent place to give an opinion, though. I personally like PaX, especially its ability to simulate NX, on unsupported hardware. This would allow us to get around the 32 bit problem.

Rick

On Mon, 2007-07-30 at 13:40 -0700, Allyn, Mark A wrote:
> Evan:
>
> Thanks for getting back to us.
>
> I am curious, and I am asking the list; what are the plans for including
> either PAX or ExecShield in the kernel? Also, what is the status of
> using the NX bit in a 32 Bit environment.
>
> What little I see on Google, I notice that Linux seems to have 64 Bit
> X86 working with the NX bit, but there are some issues with the 32 Bit
> X86 processors' use of the NX bit.
>
> Where is Ubuntu currently on using the NX bit, if it is not being
> used currently, what are the plans?
>
> Thanks
>
> Mark Allyn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Klitzke
> Sent: Monday, July 30, 2007 9:46 AM
> To: Ng, Cheon-woei
> Cc: ubuntu-server@lists.ubuntu.com
> Subject: Re: About Ubuntu security
>
> On 7/30/07, Ng, Cheon-woei <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > This is the first time I post a question. If it is not the correct
> > place to place the questions, can you please re-direct me to the correct
> > place?
> >
> > It is my understanding that user space buffer overflow exploits (like
> > SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> > Gutsy because of implementation of security measures like Address Space
> > Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
> >
> > Questions:
> > 1. Is my assumption correct?
> > 2. Are there any other security measures that I did not mention and I
> > should know of?
> > 3. Is there a link repository where I could find all details of the
> > security features included in Feisty Fawn or Gutsy? For example, I am
> > looking for a dedicated place in Ubuntu.com where I could find answers
> > for questions like these:
> > a. Is the Address Space Layout Randomization based on PaX?
> > b. When was this security measure included in Ubuntu?
> > c. How many bits are randomized?
> > d. Is function table randomized?
> > e. Is Stack Guard part of all applications included in Feisty
> > Fawn?
> >
> > Thanks!
> >
> > Sincerely,
> > Cheon-Woei Ng
>
> I'm not in any way affiliated with Ubuntu, so I can't answer your
> questions for sure, but AFAIK the only protections currently in place
> along the lines of what you mentioned are using SSP by default. This
> was implemented for Edgy. You can read more about it at this launchpad
> page: https://blueprints.launchpad.net/ubuntu/+spec/gcc-ssp . I'm not
> 100% certain, but I don't think that PaX or related technologies are
> compiled into the kernel. You can easily check exactly what is
> compiled into your kernel though by grepping through
> /boot/config-your-kernel-version.
>
> --
> Evan Klitzke <[EMAIL PROTECTED]>

--
Rick Clark
Technical Lead, Ubuntu Server Team
email: [EMAIL PROTECTED]
irc: dendrobates on freenode
http://www.ubuntu.com
RE: About Ubuntu security
Mark,

Currently, the plan is to include AppArmor in the Gutsy release. No decision has been made as to any other security architecture.

NX support for 32 bit requires the HIGHMEM64 option to be enabled in the kernel. Unfortunately, this makes some 32 bit processors fail to boot. I think it is worth discussing enabling it, as most of the processors that fail are either very old or laptop centric.

This list is an excellent place to give an opinion, though. I personally like PaX, especially its ability to simulate NX, on unsupported hardware. This would allow us to get around the 32 bit problem.

Rick

On Mon, 2007-07-30 at 13:40 -0700, Allyn, Mark A wrote:
> Evan:
>
> Thanks for getting back to us.
>
> I am curious, and I am asking the list; what are the plans for including
> either PAX or ExecShield in the kernel? Also, what is the status of
> using the NX bit in a 32 Bit environment.
>
> What little I see on Google, I notice that Linux seems to have 64 Bit
> X86 working with the NX bit, but there are some issues with the 32 Bit
> X86 processors' use of the NX bit.
>
> Where is Ubuntu currently on using the NX bit, if it is not being
> used currently, what are the plans?
>
> Thanks
>
> Mark Allyn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Klitzke
> Sent: Monday, July 30, 2007 9:46 AM
> To: Ng, Cheon-woei
> Cc: ubuntu-server@lists.ubuntu.com
> Subject: Re: About Ubuntu security
>
> On 7/30/07, Ng, Cheon-woei <[EMAIL PROTECTED]> wrote:
> > Hello,
> >
> > This is the first time I post a question. If it is not the correct
> > place to place the questions, can you please re-direct me to the correct
> > place?
> >
> > It is my understanding that user space buffer overflow exploits (like
> > SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> > Gutsy because of implementation of security measures like Address Space
> > Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
> >
> > Questions:
> > 1. Is my assumption correct?
> > 2. Are there any other security measures that I did not mention and I
> > should know of?
> > 3. Is there a link repository where I could find all details of the
> > security features included in Feisty Fawn or Gutsy? For example, I am
> > looking for a dedicated place in Ubuntu.com where I could find answers
> > for questions like these:
> > a. Is the Address Space Layout Randomization based on PaX?
> > b. When was this security measure included in Ubuntu?
> > c. How many bits are randomized?
> > d. Is function table randomized?
> > e. Is Stack Guard part of all applications included in Feisty
> > Fawn?
> >
> > Thanks!
> >
> > Sincerely,
> > Cheon-Woei Ng
>
> I'm not in any way affiliated with Ubuntu, so I can't answer your
> questions for sure, but AFAIK the only protections currently in place
> along the lines of what you mentioned are using SSP by default. This
> was implemented for Edgy. You can read more about it at this launchpad
> page: https://blueprints.launchpad.net/ubuntu/+spec/gcc-ssp . I'm not
> 100% certain, but I don't think that PaX or related technologies are
> compiled into the kernel. You can easily check exactly what is
> compiled into your kernel though by grepping through
> /boot/config-your-kernel-version.
>
> --
> Evan Klitzke <[EMAIL PROTECTED]>

--
Rick Clark
Technical Lead, Ubuntu Server Team
email: [EMAIL PROTECTED]
irc: dendrobates on freenode
http://www.ubuntu.com
RE: About Ubuntu security
Evan:

Thanks for getting back to us.

I am curious, and I am asking the list; what are the plans for including either PAX or ExecShield in the kernel? Also, what is the status of using the NX bit in a 32 Bit environment.

What little I see on Google, I notice that Linux seems to have 64 Bit X86 working with the NX bit, but there are some issues with the 32 Bit X86 processors' use of the NX bit.

Where is Ubuntu currently on using the NX bit, if it is not being used currently, what are the plans?

Thanks

Mark Allyn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Klitzke
Sent: Monday, July 30, 2007 9:46 AM
To: Ng, Cheon-woei
Cc: ubuntu-server@lists.ubuntu.com
Subject: Re: About Ubuntu security

On 7/30/07, Ng, Cheon-woei <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is the first time I post a question. If it is not the correct
> place to place the questions, can you please re-direct me to the correct
> place?
>
> It is my understanding that user space buffer overflow exploits (like
> SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> Gutsy because of implementation of security measures like Address Space
> Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
>
> Questions:
> 1. Is my assumption correct?
> 2. Are there any other security measures that I did not mention and I
> should know of?
> 3. Is there a link repository where I could find all details of the
> security features included in Feisty Fawn or Gutsy? For example, I am
> looking for a dedicated place in Ubuntu.com where I could find answers
> for questions like these:
> a. Is the Address Space Layout Randomization based on PaX?
> b. When was this security measure included in Ubuntu?
> c. How many bits are randomized?
> d. Is function table randomized?
> e. Is Stack Guard part of all applications included in Feisty
> Fawn?
>
> Thanks!
>
> Sincerely,
> Cheon-Woei Ng

I'm not in any way affiliated with Ubuntu, so I can't answer your questions for sure, but AFAIK the only protections currently in place along the lines of what you mentioned are using SSP by default. This was implemented for Edgy. You can read more about it at this launchpad page: https://blueprints.launchpad.net/ubuntu/+spec/gcc-ssp . I'm not 100% certain, but I don't think that PaX or related technologies are compiled into the kernel. You can easily check exactly what is compiled into your kernel though by grepping through /boot/config-your-kernel-version.

--
Evan Klitzke <[EMAIL PROTECTED]>
Re: About Ubuntu security
On 7/30/07, Ng, Cheon-woei <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is the first time I post a question. If it is not the correct
> place to place the questions, can you please re-direct me to the correct
> place?
>
> It is my understanding that user space buffer overflow exploits (like
> SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or
> Gutsy because of implementation of security measures like Address Space
> Layout Randomization, Stack Guard, and AppArmor (in Gutsy).
>
> Questions:
> 1. Is my assumption correct?
> 2. Are there any other security measures that I did not mention and I
> should know of?
> 3. Is there a link repository where I could find all details of the
> security features included in Feisty Fawn or Gutsy? For example, I am
> looking for a dedicated place in Ubuntu.com where I could find answers
> for questions like these:
> a. Is the Address Space Layout Randomization based on PaX?
> b. When was this security measure included in Ubuntu?
> c. How many bits are randomized?
> d. Is function table randomized?
> e. Is Stack Guard part of all applications included in Feisty
> Fawn?
>
> Thanks!
>
> Sincerely,
> Cheon-Woei Ng

I'm not in any way affiliated with Ubuntu, so I can't answer your questions for sure, but AFAIK the only protections currently in place along the lines of what you mentioned are using SSP by default. This was implemented for Edgy. You can read more about it at this launchpad page: https://blueprints.launchpad.net/ubuntu/+spec/gcc-ssp . I'm not 100% certain, but I don't think that PaX or related technologies are compiled into the kernel. You can easily check exactly what is compiled into your kernel though by grepping through /boot/config-your-kernel-version.

--
Evan Klitzke <[EMAIL PROTECTED]>
RE: About Ubuntu security
Hello,

This is the first time I post a question. If it is not the correct place to place the questions, can you please re-direct me to the correct place?

It is my understanding that user space buffer overflow exploits (like SUID, return-to-libc, etc) are basically impossible under Feisty Fawn or Gutsy because of implementation of security measures like Address Space Layout Randomization, Stack Guard, and AppArmor (in Gutsy).

Questions:
1. Is my assumption correct?
2. Are there any other security measures that I did not mention and I should know of?
3. Is there a link repository where I could find all details of the security features included in Feisty Fawn or Gutsy? For example, I am looking for a dedicated place in Ubuntu.com where I could find answers for questions like these:
   a. Is the Address Space Layout Randomization based on PaX?
   b. When was this security measure included in Ubuntu?
   c. How many bits are randomized?
   d. Is function table randomized?
   e. Is Stack Guard part of all applications included in Feisty Fawn?

Thanks!

Sincerely,
Cheon-Woei Ng