[Security_sig] 5/12 Conf. call minutes
chrisw at osdl.org
Thu May 12 10:55:39 PDT 2005
Chris Wright (OSDL)
Emily Ratliff (IBM)
Mary Edie Meredith (OSDL)
Ed Reed (Novell)
- CGL security spec (ratified)
- DCL security spec (draft review)
- any other business
Ed: Test matrix for Xen? Resource management test requirement. Verify
isolation, timely access to reserved cpu/memory accesses. Metering,
Mary: We'll discuss system management at f2f, this may come up there.
Chris: They are testing, but it's mostly functionality, performance and
regression oriented. I don't know of anything formalized yet. It's
come up at the summit mentioning folks like IBM and OSDL to help with
Emily: IBM has people dedicated doing testing, and there's a paper from
IBM at OLS re: testing.
Emily: Asked by customers to talk to open source community and distros
about security by default. One example was example umask (would like
0377, instead of 0022)
Ed: Novell has internal debate on this. Non-distro worries about
globally readable home dirs, for example.
Emily: One solution is tighter home dir, then looser umask.
Mary: f2f will have security_sig update, talk about outline and be able
to answer questions.
Ed: Spam trap, should push more work onto client trying to deliver spam
rather than loading the server creating more load (DoS potential). So,
do something like SSL transform. This is to document protocol design
Ed: Started from CGL doc, kept cover page, objectives
Chris: App server mentions multiple apps, didn't see clear call for
isolation. In many cases, these can be completely isolated...
Ed: Yes, I'll make a note on that. In some cases there's
interdependence (performance vs. security tradeoff).
Ed: CC bits, environment, assumptions, objectives..
Ed: section 3, security capabilities. call out local representation of
user (uid), vs. enterprise wide user (e.g. uuid).
Chris: what's available to map from uid to uuid.
Ed: samba, novell identity services, dce. explicitly go away from
nis/yp style single flat 16/32-bit uid space.
Chris: trying to see where there's a hole.
Ed: probably pam, for example, needs this...dynamic local user
Mary: How does this give us an assurance security level, to fix the old
capabilities matrix problem.
Chris: It doesn't. The old problem was not about assurance (CC type),
it was about context, architecture, etc. It was a laundary list of
security features, with no arch. to tie it together.
Mary: Will this tie back to objectives.
Ed: Yes, we'd like to get there, just not done yet.
More information about the security_sig