[Security_sig] 02/03 Conf. call minutes

Chris Wright chrisw at osdl.org
Thu Feb 3 10:05:57 PST 2005

	Ge Weijers (Sun)
	Joseph Cihula (Intel)
	Ed Reed (Novell)
	Emily Ratliff (IBM)
	Andy Murren
	Serge Hallyn (IBM)
	Slav Inger
	Chris Wright (OSDL)

	- CGL feedback from f2f
	- Any other business

	Chris: doc storage


Chris:  Brief discussion of the kernel security list...

Ge: Secure by default.

Ge: Containment with chroot() w/out root.  Jail is nice, but we're not
there yet.

Ge: MAC dicussed as well.  SELinux has good advantage being shipped with
mainline kernel.  Still needs work on policy configuration.  Joel
suggested adding requirements around policy manipulation tools.

Andy: GUI apps exist to handle this, I'll send in some pointers.  Where
should we be storing docs?

Chris: We had a repository on groups.osdl.org, but I don't think we have
it anymore.  I'll see what I can do, I hate to be the bottle neck on
posting docs.  We can always have a wiki that maintains just pointers to

Joseph:  Point that was made is that difficult to use shouldn't strike
the requirement.

Chris: Yes, you had already noted that tools in general were missing and
had added those.  So policy manipulation tools are a natural extension.

Andy:  Standardize on file format for exchanging documents?  And
standardize on writing style, narrative, etc?

Chris:  As far as style, we aim to mesh with existing structure per each
working group.  And for formatting style, pdf is easy for reading, by
ooffice style for editing.

Andy:  Ah, ok, I prefer rtf.

Ge: It can be lossy across platforms.  And doc is what we got stuck with
in CGL.

Andy:  What are some of the issues people are having with SELinux?

Chris:  Main problem is with policy configuration.  Convincing yourself
it's secure and making sure you haven't broken appliations.  Tresys has
built some tools to help this process, I haven't played with those,
perhaps other have.

Ed: There are other alternatives as well.  That's why we talk about
things like BSD Jails, Solaris 10 Zones, Immunix SubDomains, etc.

Andy:  OK, thanks.

Ge:  Another concern is around patent issue with secure computing.
Letter states that patent grant is null if patent is sold.  Should
probably be reviewed by your lawyers.

[back to CGL feedback]

Ge: ACL's exist on most filesystems, maybe not embedded.

Ge: Default passwords are pointed out to be evil, no defaults for root
would be useful.

Ge: Sarbanes-Oxley type of audit requirements in CGL?  Not clear, and I
haven't done any research on that.  SNARE was mentioned, I'll look into

Ge: Spec mentions a way to limit resource usage, and specifically states
memory.  Question was brought up if we should document all the rlimits?

Chris: I brought that up, was just mentioning that we document one,
there are many, and they can be security sensitive. 

Ge: TPM is redundant with hardware, so we'll keep it just as pointer to
hardware section.

Chris: Did it not have an objective?

Ge: O.PHYSICAL, if you have keys to protect with possible physical
access, TPM is useful.

Ge: Filesystem quota can be slow on bootup to rescan data.

Chris: ELS feedback.  Common Criteria evaluation efforts could possibly
consolidate (at least the documentation part), and OSDL sig was
mentioned as a place to consider that.  Opensolaris has interest in
releasing tools that could be of use across platforms.  This has come up
on trustedbsd list as well w.r.t. auditing and BSM format.  So we could
see some interest in this area as well.

Chris: LWE attendess?  Ed, Chris, ... well if anyone's plans change, or
you know someone who will be there, let me know.  It's always nice to
meet f2f.  Ed and I are already planning on meeting.

Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

More information about the security_sig mailing list