21:21:56 <harish_> #startmeeting [14:15] <@harish_> speaker: Joerg Simon [14:16] <@harish_> #topic Fedora Security Lab [14:16] <@harish_> fsl developed by testers [14:17] <@harish_> fsl is a test-tool all-stars [14:17] <@harish_> #link http://spins.fedoraproject.org/security/ [14:18] <@harish_> #link https://fedorahosted.org/security-spin/readyApps [14:18] <@harish_> has a list of apps that were rejected either because they were too large or d 21:21:56 <zodbot> Meeting started Sat Jan 29 21:21:56 2011 UTC. The chair is harish_. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:21:56 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 21:22:01 <badkittydaddy> but also nist the national institute of <asks crowd> we don't use it in europe 21:22:04 <zodbot> harish_: Error: Can't start another meeting, one is in progress. 21:22:40 <badkittydaddy> and very important um it doesn't care about solution based things or compliance based things it's about real security and it's made for companies or governments that really have something to protect 21:22:50 <badkittydaddy> um it is made to have a common sense of how i made the test 21:23:15 <badkittydaddy> and yeah they put it in this chart so i was as i was in india a test pilot put out the circuit breaker for the pilot without the pilot knowing about it 21:23:39 <badkittydaddy> the test pilot knew all about the attack but the pilot did no tknow about the attack so i do not recommend you do this <laughter> 21:23:53 <badkittydaddy> uh yeah it defines what you teset where you test which channel you test 21:24:06 <badkittydaddy> not only about data communication or network security it's also abt physical property that you test 21:24:10 <badkittydaddy> it's about things that you can see 21:24:16 <badkittydaddy> it also regulates in which periods you test 21:24:23 <badkittydaddy> and this is something this could be a possible solution for a menu 21:24:30 <badkittydaddy> where you could put all the tools in the different cases 21:24:42 <badkittydaddy> this could be one solution the other solution could be it's not really a work flow here 21:24:55 <badkittydaddy> you can select the module that you need, the 17 modules and it's color coded so you know where you're started 21:25:07 <badkittydaddy> um yeah i want to know what time um 21:25:22 <badkittydaddy> there is often ppl tell me there is no 100% security 21:25:33 <badkittydaddy> who has googled security, what does security mean to you? 21:25:40 <badkittydaddy> <crowd response> 21:25:49 <badkittydaddy> risk management, protecting from risk protecting from danger 21:26:04 <badkittydaddy> in germany we have risk protection goals, integrity, <asks for translation> 21:26:08 <badkittydaddy> sorry 21:26:19 <badkittydaddy> i will look, sorry 21:26:23 <badkittydaddy> i have it, i have it 21:26:27 <badkittydaddy> yeah yeah yeah, 21:26:33 <badkittydaddy> availability yeah 21:27:28 <badkittydaddy> the easy promis of defining security in a more complex way they count the check surveys the checks that you put in to control risks or threats that you have and the limitations for the controls and limitations of the functions that you expose to the world 21:27:33 <badkittydaddy> they have a metric that is also available for free 21:27:41 <badkittydaddy> and normally i would talk about the metric now but i skipped the slide 21:28:03 <badkittydaddy> and right now we have 3 version goals the request to disable automount which makes sense if you 21:28:13 <badkittydaddy> um yeah if you want make filesystem rules 21:28:19 <badkittydaddy> not that the system just mount your device 21:28:25 <badkittydaddy> then often ppl ask how to join project 21:28:38 <badkittydaddy> if you want to contrib to fedora security lab talk to us and just if you are a pckager, just package it for us 21:28:55 <badkittydaddy> but if you want towork on structure for fedora security lalb just speak to me and we will find a ...task for you 21:29:15 <badkittydaddy> yeah and the next goal maybe we can do it here at fudcon maybe make a yum install security lab 21:29:21 <badkittydaddy> and i told you our team is not limited to some persons 21:29:34 <badkittydaddy> release engineering is also part of the security lab because without them there woud not be a release 21:29:37 <badkittydaddy> so i cannot limit it to people 21:29:39 <badkittydaddy> yeah that's it 21:29:44 <badkittydaddy> i'm on time, <laugh> 21:29:49 <badkittydaddy> thank you 21:30:14 <badkittydaddy> [ transcriber's note: my keyboard is totally not comfy for transcribing :) ] 21:30:36 <badkittydaddy> new speaker 21:30:51 <Cerlyn> badkittydaddy: Want me to take over? 21:30:56 <badkittydaddy> if you could, sure 21:31:27 <Cerlyn> Why should you protect your linux system? simply put, it's youtr computer, to be used as you see fit 21:31:43 <Cerlyn> you have to win every day, but the cracker only has to win once 21:31:57 <Cerlyn> The approach to take must be multi-facetd with different approaches which may or may not overlap 21:32:12 <Cerlyn> some ways are automatic settings on your computer, some are habits you should adopt 21:32:24 <Cerlyn> A system under attack : SSH log of the same 21:32:40 <Cerlyn> (ssh log of brute force login attack shown onscreen) 21:33:09 <Cerlyn> Use a router - NAT service will block unexpected packets (script scanning, crackers, login requests, etc.) 21:33:36 <Cerlyn> Question: How much attack reduction occurs by moving the SSH port? 21:33:59 <Cerlyn> In general security through obscurity; may work but also may be discovered 21:34:21 <Cerlyn> another audience member suggests the denyhosts tool to block an IP for a time duration after multiple failed logins 21:34:49 <Cerlyn> (Back to presenter) everyone should have their own account on each computer 21:35:01 <Cerlyn> shows how to use the User Manager in Fedora to add a new account 21:35:21 <Cerlyn> Manager Passwords - at least 8 characters, captial letters, small, digits, special characters, etc. 21:35:46 <Cerlyn> password should be easy to remeber but hard to guess 21:36:02 <Cerlyn> root password should be different than users 21:36:20 <Cerlyn> (Question) Some distros set root password random, don't let users set -- presenter not certain which is better 21:36:52 <Cerlyn> (Antoher audience person) From a multi-user perspective multiple logins via sudo would be better 21:37:15 <Cerlyn> Password experation a good idea; screen shown on how to do that 21:37:24 <Cerlyn> 90 days or so suggested 21:38:15 <Cerlyn> -- Control remote access to your desktop, disable VNC if not used, a system with no desktop users will not allow VNC access 21:38:27 <Cerlyn> in enabling VNC you may be broadcasting it is available over wifi 21:38:40 <Cerlyn> -- Screensaver should have password in order to unlock the screen 21:39:11 <Cerlyn> Remove automatic login 21:39:23 <Cerlyn> etc /etc/gdm/custom.conf 21:39:28 <Cerlyn> s/etc/edit 21:39:38 <Cerlyn> -- Perform updates regularly 21:39:51 <Cerlyn> usually can be done automatically unless you like to keep close control 21:40:12 <Cerlyn> as root set a cron job, or do "yum update" manually 21:40:28 <Cerlyn> Install software from Reposititories 21:41:12 <Cerlyn> Windows you control where things go; ideally with Linux you can get away with the standard package 21:41:39 <Cerlyn> (Shows where repositories can be edited from within GNOME on Fedora) 21:41:55 <Cerlyn> Or you can edit /etc/yum.conf directory to control the repository list 21:42:12 <Cerlyn> or /etc/yum/repo.d 's file.repo 21:42:31 <Cerlyn> -- Activate your firewall and tune appropriately 21:42:49 <Cerlyn> (Shows where in System menu to reach Firewall Configuration) 21:43:08 <Cerlyn> can edit /etc/sysconfig/iptables -- but manual customization of the file is not needed 21:43:30 <Cerlyn> --- Turn off unneeded system services -- often ftp, sshd, vnc, httpd, sendmail, netconsole.. 21:43:37 <Cerlyn> System/Administration/Services shown 21:44:00 <Cerlyn> Or use the "setup" command, System Services tool from the console 21:44:11 <Cerlyn> changes take effect next boot 21:44:20 <Cerlyn> Limit SSH access to unly the users you allow, and exclude the root user 21:45:49 <Cerlyn> Shows how to edit SSH to do this 21:45:57 <Cerlyn> -- Install denyhosts 21:46:15 <Cerlyn> python script that analyzes sshd logs to determine which IPs have repeated login failures 21:46:33 <Cerlyn> it will modify /etc/hosts.deny 21:47:23 <Cerlyn> -- other strategies 21:47:32 <Cerlyn> Install SELinux and use it in enforcing mode 21:47:37 <Cerlyn> Use NoScript firefox plugin 21:47:51 <Cerlyn> Remove junk that accumulates over time (BleachBit) 21:47:57 <Cerlyn> Don't automount devices 21:48:04 <Cerlyn> close root terminals when you're finished 21:48:53 <mgoldmann> one small question – will be there a log available maybe? 21:49:07 <Cerlyn> -- protect your computer's physical integrity 21:49:32 <Cerlyn> they could insert a live CD or USB key or hard drive and plug it in, and do what they want 21:49:37 <Cerlyn> -- Summary 21:50:10 <Cerlyn> {mgoldmann: I belive a meeting bot is logging all fudcon room channels} 21:50:25 <mgoldmann> Cerlyn: ah, great! 21:50:59 <Cerlyn> List of bullet points from above shown 21:51:09 <Cerlyn> Presentation made with Fedora 9-14 systems except 13 21:51:22 <Cerlyn> {Applause Questions/Comments} 21:52:23 <Cerlyn> Question on why default user on many distros automatically presumed to be able to switch to root 21:52:52 <Cerlyn> root is a user when used which cannot be used to figure out who used it 21:53:08 <Cerlyn> Protecting your own password now is an important as protecting the root one 21:54:13 <Cerlyn> Someone suggests renaming the root user; other suggest this might break things 21:54:37 <Cerlyn> HTTPS everywhere and Password Maker Firefox plugins suggested 21:54:48 <Cerlyn> passwordmaker.org - has android apps, etc. 21:56:11 <Cerlyn> --- meeting ends --- 21:56:19 <Cerlyn> (Session rather) 21:59:28 * nirik finds power. 22:00:55 <brunowolff_> This session slot I'll stick to just this session and be available for questions if they have any nirik can't answer. 22:01:15 <nirik> brunowolff_: if you have things you specifically want me to ask, let me know. 22:01:28 <nirik> I think I can describe the current setup and ask what we should do moving foward. 22:03:19 <brunowolff_> Right now I don't have questions for the group. I might have some in reaction to the discussion. 22:03:48 <brunowolff_> If they start conflating the wrangler with the leader, you can clarify that. They were two people in the past. 22:03:57 <Cerlyn> #endmeeting 22:04:01 <brunowolff_> And should be again if Spins SIG is revived. 22:04:37 <nirik> yeah. 22:04:51 <DiscordianUK> i think it's all change rooms now 22:05:08 <nirik> yeah, jared is here writing on the whiteboard. we haven't started yet 22:05:10 <Nushio> Anyone gonna liveblog the spins talk? 22:05:18 <Nushio> otherwise, I'll handle it 22:05:19 <zodbot> Cerlyn: Error: Can't start another meeting, one is in progress. 22:05:33 <nirik> Nushio: that would be great. I could, but I might be talking and it's hard to talk and type. 22:05:35 <DiscordianUK> the bit is already busy 22:05:40 <DiscordianUK> bot 22:05:43 <Cerlyn> Strawman agenda 22:05:46 <Cerlyn> 1. Current Sitauation 22:05:47 <Nushio> nirik: relax, i'll handle it 22:05:49 <Cerlyn> 2. Are they worthwhile? 22:05:52 <Cerlyn> 3. Technical issues 22:05:58 <Cerlyn> 4. Governance issues? 22:06:03 <Cerlyn> 5. Possible solutions 22:06:06 <DiscordianUK> I do hope we get slides 22:06:15 <DiscordianUK> from all the presenters 22:06:16 <Cerlyn> No slides yet for this session 22:06:17 <Nushio> alright I think Cerlyn is going to be handling this one? 22:06:30 <Cerlyn> Nushio: Unless you want to; I typed the last one a bit 22:06:42 <Nushio> Cerlyn: go ahead 22:06:46 <Nushio> I just liveblogged the previous one 22:06:46 <Cerlyn> -- What is a spin? Spins came out of 2 fudcons ago 22:07:04 <Cerlyn> basically a spin is a live version of fedora with its own package set based out of Fedora 22:07:14 <Cerlyn> securitylab, xfce, sugar, etc. 22:07:57 <Cerlyn> kind of the process existing now -- someoen comes up with the idea, comes up with the kickstart file, etc., 22:08:05 <Cerlyn> The Spins SIG looks at it 22:08:10 <Cerlyn> The board looks at it to see if it can be called fedora 22:08:21 <Cerlyn> if the board says yes it becomes mirrored out, etc. 22:08:42 <Cerlyn> The problem is the Spins SIG essentially was Bruno and the current speaker, but that's it 22:08:53 <Cerlyn> no one else was testing, some spins didn't work, may look a bit bad 22:09:14 <Cerlyn> (another speaker) the way the process was created caused the process to be fundamentally flawed 22:09:50 <Cerlyn> Lots of stuff to test in a short 6-month timeframe to verify it works with the fedora 22:10:02 <Cerlyn> Spins SIG not given the mandate to do any release engineering 22:10:22 <Cerlyn> --- Coordinator brings the talk back to the agenda 22:10:27 <brunowolff_> Jesse cleanup after Spins SIG several times. 22:10:38 <brunowolff_> s/cleanup/cleaned up/ 22:11:19 <Cerlyn> (Lots of people jumping back and forth on topics) 22:12:04 <Cerlyn> Spins SIG technically only approving the kickstart; not anything else 22:12:21 <Cerlyn> Currently ~10 Spins 22:13:22 <Cerlyn> There are download statitics, but they are not necessarily represantive 22:13:41 <brunowolff_> I think Spins SIG should have been doing more with the process and minimum quality standards. But needs more people to do that. 22:14:02 <Cerlyn> For the current situation, QA situation LFC and XFCE were tested for the current release 22:14:18 <Nushio> Alright, I'm out of power on my laptop. I'm stepping out for this session. 22:14:42 <Cerlyn> -- two different flavors of spins -- focused on desktop environment, or a common set of tools 22:14:57 <Cerlyn> the third case is the brazillian spin due to a trademark issue 22:15:29 <Cerlyn> Does it make sense to treat them all equally? 22:15:55 <brunowolff_> broffice isn't needed for future spins. 22:16:51 <Cerlyn> The other thing to point out is that it is a live image with its own package, but we may want an alternative multi-CD/DVD install as well 22:16:53 <Cerlyn> Types 22:16:57 <Cerlyn> - Desktop 22:17:02 <Cerlyn> - Vertial set of apps 22:17:05 <Cerlyn> - Virtualized 22:17:24 <Cerlyn> To what is a spin, add that spins are also a showcase 22:17:34 <NushioDroid> Cerlyn: Youre doing a great job transcribing. thanks! 22:18:40 <Cerlyn> (audience member) maybe it would be worth setting up a core package setup with a more visual experience where they can pick the package groups that they want 22:19:00 <Cerlyn> Moderator notes this has been thrown around many times before, and we are kind of there 22:19:33 <Cerlyn> As spins define now installation is not required, but has to be installable by policy 22:19:58 <Cerlyn> arguable that the security CD will often be used without installing it at all 22:20:16 <Cerlyn> --- moving on to "Are they worthwhile" 22:20:26 <Cerlyn> the Fedora board thinks that there is some level of validity to spins 22:20:44 <Cerlyn> (Audience #1) They are usable to see if something works on your hardware and has the applications that you need 22:21:21 <Cerlyn> Moderator: Why do we want spins? 22:21:46 <brunowolff_> It may be worth distinguishing between the ks files and the iso's here. For some things you really want 22:21:49 <Cerlyn> -- Sugar on a stick allows testing how users will use it without the need for an IT department's help 22:22:13 <brunowolff_> updates and don't need the iso's, but rather to be able to easily make a current one. 22:23:40 <Cerlyn> another audience member notes spins useful for QA test days 22:24:06 <Cerlyn> {Why list being created} 22:24:16 <Cerlyn> * Testing on other hardware/infro 22:24:20 <Cerlyn> * Q/A - Test days 22:24:23 <Cerlyn> * Showcase ! 22:24:40 <Cerlyn> * Creative outlet 22:25:31 <brunowolff_> With persistent home you can use them on computers you don't own to run a relatively trustable OS. 22:25:54 <brunowolff_> I use them at work for some machines connected to projectors for meetings. 22:26:14 <Cerlyn> brunowolff: Are you looking for this to be relayed to the conference room, or are you here? 22:26:30 <brunowolff_> My comments have all been for relay. 22:26:37 <brunowolff_> I am not at Tempe. 22:26:39 <ke4qqq> Cerlyn: he's sadly remote 22:27:05 <brunowolff_> Well I only get to go away from home one trip a year, and it is to a board gaming tournament. 22:27:51 <Cerlyn> * Try before you buy 22:29:13 <Cerlyn> brunowolff: I'm trying to relay but the moderators trying to move things along too 22:29:42 <Cerlyn> Someone notes that they carry around many of the spins to demonstrate things 22:30:08 <Cerlyn> * Creative outlet - out of the box {modified} 22:30:15 <Cerlyn> * fastest way to install Fedora 22:31:43 <Cerlyn> devils' advocate -- a more flexible installer would allow spins to be abandoed 22:31:46 <Cerlyn> abandoned 22:32:01 <Cerlyn> some spins, but not all 22:32:19 <Cerlyn> {another person} but a group in the installer is not a showcase 22:32:57 <Cerlyn> {another} the idea has always been to form spins from package groups 22:33:42 <Cerlyn> --- 3. Technical issues? 22:34:03 <Cerlyn> * Upgrades 22:34:08 <Cerlyn> * Less flexible installer 22:34:27 <Cerlyn> * Upgrades/updates {combined} 22:34:49 <Cerlyn> * Insallation code paths 22:34:50 <Cerlyn> * Testing 22:34:57 <Cerlyn> * Image size 22:35:03 <Cerlyn> * filesystem overlay 22:35:30 <brunowolff_> If we care, nVidia drivers don't work on live images. 22:36:42 <Cerlyn> brunowolff: The binary-only ones? 22:36:56 <Cerlyn> * too many options to setup your system 22:36:57 <brunowolff_> Using live images on optical media is very slow due to seek time. 22:37:30 <brunowolff_> Yes. They need to be installed on a system that has the right hardware. They don't auto detect like Fedora's drviers do. 22:37:47 <Cerlyn> * media seek times {relayed/added} 22:37:54 <brunowolff_> With nouveau improving it's less of an issue. 22:38:04 <Cerlyn> * audit trail (the perl problem) 22:38:16 <brunowolff_> I never tested catalyst, but wouldn't be surprised if they didn't work either. 22:38:32 <Cerlyn> * mirroring/disk space 22:39:07 * nirik hopes we get to the ... profit^Wsolutions part of the talk. 22:39:53 <Cerlyn> * one at a time 22:40:08 <Cerlyn> image size can be seen as a constraint as well as a storage issue 22:40:10 <brunowolff_> I think direction to go would be enough. Once we have a direction, I don't think solutions will be that hard. 22:40:22 <Cerlyn> --- 4. Governance issues? 22:40:30 <Cerlyn> * meetings 22:40:43 <Cerlyn> * brand dilution 22:41:02 <Cerlyn> * Why a Spins SIG/wrangler? 22:41:02 <brunowolff_> Relay: I felt it difficult to impose requirements on people doing spins when it was just Kevin and I to make decisions. 22:41:22 <brunowolff_> I didn't feel that was enough people to get a consensus. 22:41:37 <brunowolff_> The wrangler does initial technical review. 22:41:50 <Cerlyn> * responsibility/workload 22:41:57 <brunowolff_> And was also envisioned to liason with Releng. 22:42:31 <brunowolff_> The wrangler could certainly ask for help doing reviews if there was anyone to ask. 22:42:47 <Cerlyn> brunowolff: Relayed 22:42:55 <Cerlyn> * lack of response/communication 22:43:03 <brunowolff_> The Spins leader was supposed to do vision things with spins. 22:43:29 <brunowolff_> Like suggesting goals for improvement, leading discussions on minimum standards. 22:44:45 <brunowolff_> Helping to define criterea for accepting or rejecting proposals for new spins related to their theme. 22:45:16 <Cerlyn> * point of contact 22:45:30 <brunowolff_> Other workers were needed to help the wrangler, document process and the like. 22:45:51 <Cerlyn> * combersome process 22:45:59 <Cerlyn> * too many deicison makers 22:46:45 <Cerlyn> * branding/design of particular spins 22:49:48 <Cerlyn> * resources 22:49:55 <Cerlyn> --- 5. Possible solutions 22:53:12 <Cerlyn> Discussion about mirrioring -- gentleman's agreement not to go over 1 Terabyte per meet 22:53:20 <Cerlyn> s/meet/release 22:53:30 <Cerlyn> not all spins mirrored, many are 22:55:41 <Cerlyn> Fedora board has authority over the trademark; with the spins sig became a bit of a rubber-stamping exercise 22:55:41 <brunowolff_> I'd like to see us really cut back on the iso's and do my ks publishing instead. People would be expect to create their 22:56:00 <brunowolff_> own images with up to date packages when they wanted. 22:56:48 <brunowolff_> I'd also like to see the ones for which we do iso's not be one man shows and have teams of people that 22:57:00 <brunowolff_> can be drawn on for testing and other tasks. 22:57:41 <Cerlyn> * require to build media with kicstart 22:57:43 <brunowolff_> Maybe cutback to Desktop, KDE and possible XFCE and LXDE. 22:57:48 <Cerlyn> * require spins to participate in SIG 22:58:11 <Cerlyn> * nightly reports 22:58:41 <brunowolff_> I think people were already required to participate in Spins SIG if they wanted an official spin. 22:59:18 <Cerlyn> * allow spin sig final approval (excluding trademark approval) 22:59:19 <brunowolff_> They just didn't, and the turn out was so bad that punishing those that didn't wasn't workable. 22:59:37 <Cerlyn> * disconnect spin release cycle from the main 23:00:11 <brunowolff_> Note Spins SIG doesn't have criterea for determining which Spins should be rejected. 23:00:17 <Cerlyn> * no one-man shows 23:00:24 <brunowolff_> (Other than on technical merits.) 23:01:12 <Cerlyn> meeting ended 23:01:27 <Cerlyn> Next topic: Using the SELinux Sandbox / Dan Walsh 23:01:44 <nirik> no real solutions found. perhaps we will find one in the hackfests. 23:03:04 <brunowolff_> I'll look to see if one is scheduled later. On Monday it will be harder (or impossible) for me to participate, depending on the time. 23:03:10 <DiscordianUK> ooh are dan's slides up yet? 23:03:28 <Cerlyn> locally yes; don't know about elsewhere 23:04:08 <DiscordianUK> I'd have made sure if I was there to see his talk and our esteemed leaders 23:04:35 <Cerlyn> he has a talk tomorrow on writing policy 23:04:52 <Cerlyn> this a repeat of his talk from last year 23:04:59 <DiscordianUK> yeah i do we get slides from both 23:05:06 <stickster> Cerlyn: Just raise a hand and ask him if he's got them available on his fedorapeople.org space 23:05:06 <DiscordianUK> I do hope 23:05:24 <stickster> DiscordianUK: http://dwalsh.fedorapeople.org/ 23:05:26 <DiscordianUK> I'd imagine he would 23:05:29 <DiscordianUK> ta 23:05:37 <stickster> http://dwalsh.fedorapeople.org/SELinux/Presentations/ 23:05:57 <stickster> I don't see anything later than Sept 2010 there but he might be using an existing deck 23:06:38 <Cerlyn> What is a sandbox - run general applications in a locked down environment 23:06:40 <Cerlyn> this looks like the sandbox.pdf file there 23:06:47 <DiscordianUK> likewise there's nowt new there 23:06:57 <Cerlyn> http://dwalsh.fedorapeople.org/SELinux/Presentations/sandbox.pdf 23:07:09 <Cerlyn> Run untrusted applications or filters on untrusted data 23:07:28 <Cerlyn> But in reality you trust things somewhat; otherwise you would never run Firefox in the first place 23:07:31 <Cerlyn> but it might have some bugs 23:07:40 <stickster> Beauty! thanks Cerlyn 23:08:02 <Cerlyn> Vulnerabilities - allow filtering tools to read untrusted content 23:08:26 <Cerlyn> Examples of sandboxes - chroot, chrome-snadbox, OLPC/bitfrost, Java sandbox, SELinux xguest 23:08:47 <Cerlyn> SELinux - Standard SELinux is difficult to use on random applications 23:10:44 <Cerlyn> two processes with the same type can attack each other 23:11:10 <Cerlyn> Standard SELinux Sandbox - Execution of any app within SELinux Confinement 23:11:13 <Cerlyn> Blocks "Open" call 23:11:21 <Cerlyn> Allows read/write on inherited file descriptors 23:11:25 <Cerlyn> Temporary storage allowed 23:12:37 <Cerlyn> Uses MCS (uniquely generated) Labels for seperation 23:13:07 <Cerlyn> Excellent for scripting 23:13:12 <Cerlyn> Confinement of grid jobs 23:14:33 <Cerlyn> What about the desktop? 23:15:00 <Cerlyn> - how to confine Acrobat Reader(tm), Large communication paths for a variety of things (X server, home directory, gconf, Dbus...) 23:17:09 <Cerlyn> /usr/bin/sandbox 23:17:41 <Cerlyn> Setup file system, creatings new directories in home and /tmp; selects a random MCS label, 23:17:47 <Cerlyn> Labels directories sandbox file sandbox_file_t:MCS1 23:18:07 <Cerlyn> Copy executible/input files to homedir & time; creates .sandboxrc in homedir with command 23:18:22 <Cerlyn> Executes new utility seunshare; uses sandboxX.sh 23:18:30 <Cerlyn> Deletes temporary $HOME & /tmp 23:19:10 <Cerlyn> -- seunshare is a C Setuid Program 23:19:31 <Cerlyn> --- Sandbox X Components 23:21:04 <Cerlyn> Xephyr -- Xace (trusted X windows) does not work 23:21:19 <Cerlyn> Xephr gives every sandboxed app its own X server 23:22:22 <Cerlyn> Window manager used to run apps full screen 23:23:16 <Cerlyn> uses Matchbox, or you can use the -W flag to specify another such as metacity 23:23:32 <Cerlyn> This works because Gnome/GTK apps create contect in the home directory on the fly 23:24:15 <Cerlyn> Firefox creates a new .mozilla directory, etc. 23:24:29 <Cerlyn> SELinux policy - sandbox types are shown on a slide 23:24:48 <Cerlyn> -- sandbox -X problems 23:25:21 <Cerlyn> Windows cannot resize (on Fedora; patched fix in RHEL6) 23:25:24 <Cerlyn> No cut & paste 23:25:31 <Cerlyn> User confusion 23:25:39 <Cerlyn> - don't want to write a document while in a sandbox which will be destroyed 23:26:36 <Cerlyn> -- Future potential items 23:26:51 <Cerlyn> MLS? {Trusted environment} 23:26:55 <Cerlyn> Save sandbox directory? 23:27:39 <Cerlyn> {A demonstration is shown} 23:29:00 <Cerlyn> Showing two xterms, one sandboxed, one not 23:29:43 <Cerlyn> sandboxed one cannot see all processes, /tmp files, etc. 23:29:57 <Cerlyn> sandboxed xterm cannot ssh to another, sudo to root, etc. 23:32:56 <Cerlyn> Shows evince (PDF reader) sandboxed 23:33:33 <Cerlyn> has rigged firefox to always download PDF files in a sandboxed evince 23:33:52 <Cerlyn> the sandbox can detect if a document has been changed which was passed into it 23:35:25 <Cerlyn> there are no obvious signs of performance degredation due to opening files in a sandbox 23:36:26 <Cerlyn> shows firefox sandboxed using one of the different types which allows web access 23:38:51 <Cerlyn> working on how to make firefox instances which can only talk to intranet or Internet sites; watch his blog for details 23:40:36 <Cerlyn> Shows the ability to use the MLS label to force a "secret" level seperate desktop environment 23:40:51 <DiscordianUK> oooh MLS 23:41:04 <DiscordianUK> is that a new set of slides? 23:41:08 <Cerlyn> although due to a bug some of the gnome panels have issues while sandboxed 23:41:25 <Cerlyn> there have been no slides shown since the demonstration started 23:41:36 <Cerlyn> It looks like the PDF on the website matches the slides he showed today 23:41:37 <DiscordianUK> ahh okay 23:41:52 <DiscordianUK> thank you 23:45:28 <Cerlyn> {applause} 23:45:57 <Cerlyn> #endmeeting { Using the SELinux Sandbox / Dan Walsh } 23:46:47 <DiscordianUK> kudos to Dan 23:46:55 <DiscordianUK> and thanks to you 23:51:16 <harish_> #endmeeting