Re: Minutes of the Debian linux-2.6 Group Meeting

To: debian-kernel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Minutes of the Debian linux-2.6 Group Meeting
From: Kees Cook <kees@debian.org>
Date: Thu, 18 Nov 2010 11:23:39 -0800
Message-id: <[🔎] 20101118192339.GF13854@outflux.net>
In-reply-to: <[🔎] 20101111135212.GU19612@vostochny.stro.at>

On Thu, Nov 11, 2010 at 13:52:12 +0000, maximilian attems wrote:
> LSM: Enable AppArmor? as well as/instead of Tomoyo?
> ---------------------------------------------------
> As the LSM need to be built we can't enable them. This needs a technical
> solution were code can be disregarded as init sections or similar.
> AppArmor seems more popular as Opensuse and Ubuntu uses it. Technicaly
> Tomoyo is said to be cleaner.

What do you mean by "can't" here? You can build _all_ of them,
actually. The active LSM is just selected at boot-time through the
kernel command line arguments. If it's a concern over kernel size,
upstream specifically removed the ability to make the LSM modular,
so this means that no additional LSMs will ever be available in Debian?

> NX bit emulation and 32-bit mmap randomization
> ----------------------------------------------
> We don't want to carry intrusive patches.
> The NX patch was rejected as such by upstream and thus we won't take
> it either.

Why? These patches are well maintained, and touch areas of the kernel that
do not change much (making them very easy to merge). Why leave non-PAE
x86 users out in the code when so many other distros use some form of
this patchset? I've worked to make sure they only touch CONFIG_X86_32,
so they're extremely minimal.

> Currently we recommend PAE for bigger boxes but do not default to it.
> Action item by bwh and waldi to default Debian Installer to it
> and deprecate non PAE 686.

This sounds great, regardless.

> Upstream status of the other patch is unknown, maks will consult Kees.

In my mind, they[1] are a single patch -- the "32-bit mmap randomization"
is better named "ASCII Armor ASLR", which doesn't have much value,
IMO. The entropy is extremely low compared to upstream ASLR, but it would
be actually 0 if left out in the nx-emu case. As such, it is only enabled
on systems that are using nx-emu.

I intend to try to get it upstreamed, but it's pretty far down on my TODO
list[1].

Thanks,

-Kees

[1] http://git.kernel.org/?p=linux/kernel/git/frob/linux-2.6-roland.git;a=shortlog;h=refs/heads/fedora/x86-nx-emulation
    http://git.kernel.org/?p=linux/kernel/git/frob/linux-2.6-roland.git;a=shortlog;h=refs/heads/fedora/32bit-mmap-exec-randomization
    (this one is still missing one additional patch from me...)

[2] https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Upstream%20Hardening

-- 
Kees Cook                                            @debian.org

Reply to:

Follow-Ups:
- Re: Minutes of the Debian linux-2.6 Group Meeting
  - From: Julien Cristau <jcristau@debian.org>

References:
- Minutes of the Debian linux-2.6 Group Meeting
  - From: maximilian attems <max@stro.at>

Prev by Date: Re: [buildd-tools-devel] testers wanted: sbuild and build-dependencies
Next by Date: Re: Minutes of the Debian linux-2.6 Group Meeting
Previous by thread: Re: Minutes of the Debian linux-2.6 Group Meeting
Next by thread: Re: Minutes of the Debian linux-2.6 Group Meeting
Index(es):
- Date
- Thread