From ccd9a9be2481bd19bf5c1710f99a4dd4547d80d4 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Thu, 3 Aug 2017 08:17:23 -0600 Subject: [PATCH] add notes from security sig yesterday Signed-off-by: Tycho Andersen --- reports/sig-security/2017-08-02.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/reports/sig-security/2017-08-02.md b/reports/sig-security/2017-08-02.md index 531286ce9..21062b8a2 100644 --- a/reports/sig-security/2017-08-02.md +++ b/reports/sig-security/2017-08-02.md @@ -16,3 +16,22 @@ Previous meeting notes: [2017-07-19](2017-07-19.md) - please feel free to propose additional deep dives and discussion topics! ## Meeting Notes + +- Alpine Linux intro [slides](https://dev.alpinelinux.org/~ncopa/presentations/alpine-security-mission.html) + - Question: what's the strategy for getting rid of SUID? File capabilities? + - Answer: no real plan + - Question: what's the strategy in the face of no more public GRSecurity + patches? + - Answer: Currently forward porting last test patch, slightly risky, not a + good solution. May discontinue use at some point. + - Question: Thoughts on capabilities? + - Answer: fs-caps sound like a nice way to get rid of SUID bits, since + they're uid-independent. + - Question: Thoughts on LSMs? + - Answer: SELinux is complicated, AppArmor is simpler and perhaps better in + that sense, not on the roadmap currently for Alpine to implement default + profiles (but may be in the future) + - Question: What exactly is the deal with TLS? + - glibc does *lazy* allocation, so after pthread_create(), at some later + point, the actual allocation for TLS may fail, and glibc simply aborts(). + This is one reason dlopen is a noop, but not the only reason.