Re: another volunteer
Alfonso:
Thanks for looking at this and making yourself known. I will be
heading up the work getting an LSB specification for security under way
following the 1.0 release of LSB. I will gladly include you in this if
you wish. Watch for a new mail list to be started for this topic. The
same invitation goes out to others as well.
Doug
Alfonso De Gregorio wrote:
>
> On Wed, May 09, 2001 at 03:50:38PM +0100, Alan Cox wrote:
> > > unfortunately I have subscribed this list only today.
> > > Please, do not hesitate to let me know how I can contribute
> > > (eg. what about the establishment of a GNU/Linux Security SIG -
> > > task #27482 ?).
> > >
> >
> > Umm interesting I hadn't noticed that task. How is that different from
> > security-audit and/or vendor-sec ?
>
> In my opinion, the GNU/Linux Security SIG should address only
> the security issues ingrained in either the system interface
> or the environment described in LSB specifications.
>
> It should be out of the scope of this SIG to describe how
> the developers of GNU/Linux distributions must implement commands
> and utilities in a "secure" and robust way (code auditing and
> developing are inevitably vendors' tasks).
>
> However, since I have not yet searched the list archive for related
> threads, I am seemingly missing some goals for this SIG.
>
> Here is a partial list of issues that may or may not be addressed
> by the Security SIG. It would be nice to add other issues to it and
> group its items into "must be addressed" and "must not be addressed"
> lists.
>
> In no particular order:
>
> Item                               |Relevant Spec. Sections| Comments
> -----------------------------------|-----------------------|----------
> libc functions prone to security   | 10.1                  |
> problems                           |                       |
> -----------------------------------|-----------------------|----------
> cryptographic hash functions       | chapter 13            |
> supported for packages verification|                       |
> -----------------------------------|-----------------------|----------
> security issues in dynamic linking | chapter 7             |
> -----------------------------------|-----------------------|----------
> /dev/{u,}random behavior and how   |                       | more
> seeds are handled at system        |                       | generally:
> initialization                     |                       | PRNG
> -----------------------------------|-----------------------|----------
> security and environment variables |                       |
> (eg. IFS, PATH, TMPDIR, etc...)    |                       |
> -----------------------------------|-----------------------|----------
> Posix.1e (POSIX.6)                 |                       |
> -----------------------------------|-----------------------|----------
> PAM or more generally              |                       |
> authentication mechanisms          |                       |
> -----------------------------------|-----------------------|----------
> users & groups                     | Chapter 16            | already
>                                    |                       | present
>                                    |                       |----------
>                                    |                       | DAC?
> -----------------------------------|-----------------------|----------
> ownerships and permissions         | 17.2                  | already
>                                    |                       | present
> -----------------------------------|-----------------------|----------
> International Kernel Patch and its |                       |
> support                            |                       |
> -----------------------------------|-----------------------|----------
>
> Thanks,
> alfonso
>
--
Douglas B. Beattie
------------------
Linux Test Architect - Caldera, Inc.
dbb@sco.com