[Security_sig] Security Gaps

Chris Wright chrisw at osdl.org
Thu Oct 13 13:09:35 PDT 2005

* Emily Ratliff (emilyr at us.ibm.com) wrote:
> In no particular order, here are some Linux security gaps/wishlist:
> Highly accurate open source static analysis tools (and all open source
> projects making use of them)

I couldn't agree more.  This is in that never-ending task category, but
needs to be underway.

> Capability to run w/o root in a traditional DAC environment
>       ala Solaris Process Rights Management
>       Linux project: Olaf Dietsche's File system capabilities patch not
> integrated

Trusted Solaris and IRIX both had this I believe.  But it's unclear if
people would be able to make good safe use of it.  It can pretty easily
make the system less secure.

> Integrated cryptographic framework - single point of FIPS certification

That's a longterm one, maybe really longterm...

> Secure virtualized containment (not SELinux) ala Solaris Zones/containers
> or HPUX Secure Resource Partitions
>       this often gets punted to Xen, but there is an advantage for having
> both types of virtualized containment available
>       Linux project: vserver not integrated

This one is tough.  Do people really want it?  vserver, zones, hpux
partitions don't give good isolation, so there's a lot of domain crosstalk
that can interfere with isolation attempts, IOW, Xen is better there.
Or do people want better resource control (ala CKRM)?  I've worked with
the vserver folks in the past, and mainline integration is not that high
on their priority list.

> Easy to use RBAC tools (not talking about RBACPP)

This could be easy to use any security tools (effectively it's about
creating and administering sane policy).

> Encrypted file system with per file encryption
>       Linux project: eCryptfs + others not integrated
> Whole disk encryption

dm target not sufficient?

> Patch risk assessment

What can be done here?

> MLOSPP compliance may become an issue in the near future

Aside from FIPS, what are the showstoppers here?

> Kernel crypto api improvements - asynchronous work underway, asymmetric
> algorithms, GCM mode
> I'd like to see IPSec be easier to set up and a centralized repository that
> collects whether Linux IPSec can interoperate with various vendor VPNs and
> the settings required for the VPNs that it can interoperate with (ala
> monitor settings database or CDDB).
> A tiny feature that I would like to see added to logcheck (may be there in
> the latest release) is the ability to switch after a certain threshold from
> telling me about attempts (for example, ssh login attempts) from a certain
> address to successes from that address. The attempts become uninteresting
> and the successes are very, very interesting.
> I haven't found anyone who cares but NIS+ is not available on Linux.
> Other requests that we have received - default umask 037, no world
> writeable directories (/tmp) on filesystems/partitions with setuid/setgid
> binaries and log files.

What's the concern with the latter bit?

> A key Linux weakness that affects other areas as well as security is a lack
> of integration between components.
> Ed, want to comment on I & A gaps?
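The logcheck behaviour Emily asks for above (report failed attempts from an address only up to a threshold, then mute them and instead flag any success from that address), as an added example that is not part of the original thread or of logcheck itself; the sshd log lines, the threshold and the report format are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines for the example (not from the original message).
SAMPLE_LOG = """\
Oct 13 13:01:02 host sshd[101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Oct 13 13:01:05 host sshd[102]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Oct 13 13:01:09 host sshd[103]: Failed password for invalid user test from 198.51.100.7 port 40003 ssh2
Oct 13 13:02:00 host sshd[104]: Accepted publickey for alice from 203.0.113.5 port 50001 ssh2
Oct 13 13:03:11 host sshd[105]: Failed password for bob from 198.51.100.7 port 40004 ssh2
Oct 13 13:04:30 host sshd[106]: Accepted password for root from 198.51.100.7 port 40005 ssh2
"""

# Match the two sshd outcomes we care about; "invalid user" is optional in failures.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")


def triage(log_text, threshold=3):
    """Return the report lines a threshold-switching filter would emit.

    Failures from an address are reported until `threshold` is reached; after
    that, further failures from it are muted and any success from it is flagged.
    """
    failures = defaultdict(int)   # source address -> failed attempts seen
    report = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, addr = m.groups()
            failures[addr] += 1
            if failures[addr] < threshold:
                report.append(f"ATTEMPT   {addr} -> {user}")
            elif failures[addr] == threshold:
                report.append(f"THRESHOLD {addr}: {threshold} failures, muting further attempts")
            # above threshold: attempts are no longer interesting, say nothing
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, addr = m.groups()
            if failures[addr] >= threshold:
                report.append(f"ALERT     success for {user} from {addr} after {failures[addr]} failures")
            else:
                report.append(f"LOGIN     {user} from {addr} ({method})")
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```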
