[Security_sig] 12/9 Conf. call minutes

Chris Wright chrisw at osdl.org
Thu Dec 9 10:05:19 PST 2004

	Phil Peake (OSDL)
	Slav Inger
	Serge Hallyn (IBM)
	Chris Wright (OSDL)
	Mary Edie (OSDL)
	Ge Weijers (Sun)
	Emily Ratliff (IBM)
	Ed Reed (Novell)

	- DCL doco
	- DTL doco
	- CGL spec review

	Mary/Lynn: DCL document to list
	Phil/Slav: DTL document to list
	Ge/Chris: CGL review


Chris: DCL, intro, assumptions, then point old bits back under

Mary: Accepting assumptions, 4 specifics fallout.  Hasn't been to sig
list yet.

Chris:  Should be on list asap.

Mary:  Sure, just wanted to get some early review.

Chris: Let's get it on list by this afternoon.

Chris: Mary, could you run through the 4 specifics.

Mary:  DAC, audit, application confinement, hostbased firewall.

Mary: If we get the assumptions out, we may get some market specific

Chris:  What's the deadline for review/repsonse.

Mary:  Well, ideally it'd be before tomorrow AM when techwriter is here,
but at least by next Wednesday.

Chris:  DTL work has started, and should come through the.

Mary:  Did they take same approach we did, listing assumptions.

Phil:  Security was originally spread throughout the doco.  Late in
process, we decided to bite the bullet and pull the items out and
coallate.  A lot of these items are not done for specific security arch
perspective.  Early drafts well, input closes next week, so it's also
the draft that's going in.  Not a final specification.

Mary:  That's how we started (CGL too).  So it's not shameful ;-)  Could
admit that it's not the same approach that we'll do going forward.

Phil:  Exactly the point.  Don't want people to think it's a
comprehensive doc or systems approach.  We'll need to do that later.

Mary:  If you have the time to write down the assumptions to get them
out for review.

Phil: Caveats/context are the main thing I want to get across.

Ed:  Question...desktop often brings up antivirus.  Does this type of
stuff come up.

Slav:  Don't believe that made the document.

Phil:  I think we decided to little known about Linux viruses that this
section is not existing.

Ed: Least privilege a requirement?

Phil:  No, it's not a requirement.

Chris:  It's interesting because the goals/usage models are quite
different from CGL/DCL.  e.g. allowing root access to do specific
things like change network settings, etc.

Phil:  That's exactly right, the usage models don't fit at all what
you'd care about on a backend machine.

Chris: Do you plan to generate a requirements document.

Phil:  Yes, for 2.0.  1.0 is strawman to make sure we're on right track.
This is purely due to time constaints.

Chris: Can you share it.

Phil: Sure, it's nearly frozen, so it surely can go out.

Chris: What's the goal for interaction.

Phil: We need to be involved in SIG.

Ed: Just make sure Novell is there?

Phil:  Yes, they are.

Mary:  Next steps?  Best practices document?

Phil:  For Linux specifically?

Mary:  Depends if it's too technology specific (click on this button in
this window).

Phil:  Certainly there's stuff from UNIX vendors, perhaps we could do
that, reuse that.

Phil: Fully in favor of not reinventing wheel.

Ed: Hmm, SANS institute might have some useful bits.

Mary: Came up in discussion of application containment that it could be
not only for root.

Ed: Application containment is appropriate anytime there are local
privilege escalation attacks possible.

Ed: I thought next step would be gap identifcation to get work done on
what's available.

Ed: Application containment document, for example that shows LIDS,
SubDomain, SELinux, Solaris Zones, etc...

Ed: Driving towards best practices.

Mary: One has to assume that if there's no document.

Ed: e.g. chroot() jails are necessary, or necessary and sufficient.

Mary: My goal would be advance Linux in the Data Center.  Removing
worries.  Audience includes people who are considering Linux adoption
and are concerned about security.

Ed: How do I reproduce what I'm comfortable with in the past on Linux
(Solaris Zones, HP Virtual vault, etc)?

Phil: "Enable understanding of what is currently a best known practice
for a deployment of particular usage model"

Mary: Quite reasonable to show list of options.

Phil:  Virtualization under Linux may not look like Solaris ones.  And
the weaknesses on one side may mean that the result is not really what
you wanted.

Ed: Not going to succeed in creating cookbooks, but could be glossary,
and cursory/broad correspondance.

Phil:  Hit the point,  If they don't already have the competance, it'll
have to come from external source.

Ed:  Yes, it's reasonable to list this out, and give some pointers to
more detailed info.

Chris:  There's docs on specifics (confine this application with these
techniques, see which one works).  Also there's high level reviews of
existing work.

Ed:  Get's back to who's the audience?

Mary:  Purpose is two-fold.  People looking for reassurance that there
are solutoins there.  And for us, to identify gaps, by knowing what the
solutions are.

Ed:  First is marketing slideware.  There's certainly that stuff
available.  If they aren't there for security...imminently doable.

Ed:  Gaps, what's important, what do we need to do?  Keep coming around
to that.  Start with use cases, and assumptions then show tools that can
be used in that use case to secure that system from the attacks that
threaten it.

Mary:  Marketing is doing some of this via vericals.

Ed:  It's the only way to get a sane conversation.  and...it's a
protection profile.

Chris: Full circle ;-)

Ed: Yes, seems reasonable.  Iterative process...

Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

More information about the security_sig mailing list