Kees Cook is the security engineer and Gerry Carr is the head of platform marketing at Canonical. In this interview they discuss the security improvements in Ubuntu 9.10, the security challenges the Ubuntu team faces as well as what the latest version of Ubuntu offers to the developer community.
What are the most notable security features introduced with Ubuntu 9.10?
The widest-reaching change was the introduction of non-executable memory emulation for Ubuntu systems that lack non-exec hardware. Modern CPUs allow regions of memory to be marked as “non-executable”, like the stack and heap. This puts a stop to large classes of vulnerability exploits. For systems that do not have it (or do not run in 64-bit mode), Ubuntu’s kernel now includes a partial form of this, emulated in the kernel by way of memory segment limits.
AppArmor saw several improvements this cycle, and had several more profiles created including ntpd, evince, and libvirt. Additionally, experimental profiles (available for testing) were created for Firefox and Apache. The libvirt integration provides even more isolation for virtual machines running under Ubuntu.
More applications were built as Position-Independent Executables, allowing them to take full advantage of the kernel’s Address Space Layout Randomisation. Additionally, the PIE applications have been built with linker flags that reduce the areas within the application that can be subverted by attackers.
Other improvements include the Uncomplicated Firewall being enhanced to add interface and egress filtering, and the kernel now provides a one-way sysctl toggle that can block further module loading.
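The answer above names three properties an administrator can verify on a running Ubuntu system: whether a binary was built as a PIE, whether the linker hardened its relocation tables, and whether the module-loading toggle has been flipped. The script below is an added example, not code from the interview or from Canonical; it assumes the standard names for these mechanisms (the GNU_RELRO segment and BIND_NOW flag reported by readelf, and the kernel.modules_disabled sysctl) and works on constructed readelf output in the parsing functions so the logic can be tested offline.

```shell
#!/bin/sh
# Added example: audit the hardening features discussed in the interview.
# Assumptions (not stated on the page): the "linker flags" are RELRO/BIND_NOW,
# the "one-way sysctl toggle" is kernel.modules_disabled.

# Classify `readelf -h` output: a PIE shows as "DYN", a fixed-address
# executable as "EXEC". Only a DYN binary benefits fully from ASLR.
elf_kind() {
  case "$1" in
    *"Type:"*"DYN"*)  echo PIE ;;
    *"Type:"*"EXEC"*) echo "non-PIE" ;;
    *)                echo unknown ;;
  esac
}

# Grade relocation hardening from `readelf -l` (GNU_RELRO segment) and
# `readelf -d` (BIND_NOW flag): both present means the GOT is fully read-only.
relro_kind() {
  prog_hdrs=$1; dyn_sec=$2
  case "$prog_hdrs" in
    *GNU_RELRO*)
      case "$dyn_sec" in
        *BIND_NOW*) echo full ;;
        *)          echo partial ;;
      esac ;;
    *) echo none ;;
  esac
}

# Interpret /proc/sys/kernel/modules_disabled: "1" means no further modules
# can be loaded until reboot (the toggle cannot be cleared).
modules_locked() {
  [ "$1" = "1" ] && echo locked || echo open
}

# Report on one binary given on the command line, plus the live kernel state.
audit_binary() {
  bin=$1
  echo "$bin: $(elf_kind "$(readelf -h "$bin")"), RELRO $(relro_kind "$(readelf -l "$bin")" "$(readelf -d "$bin")")"
}

if [ -n "$1" ]; then
  audit_binary "$1"
  echo "NX in CPU: $(grep -qw nx /proc/cpuinfo && echo yes || echo no)"
  echo "module loading: $(modules_locked "$(cat /proc/sys/kernel/modules_disabled 2>/dev/null)")"
fi
```

Run it as `sh audit.sh /usr/bin/evince` on a system with binutils installed; a "non-PIE" or "RELRO none" result marks a binary that does not get the protections described above.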
Since threats evolve quickly, what kind of challenges does this pose to the Ubuntu developer and security teams?
While much of the regular Linux security landscape is understood (e.g. permissions/role separation, firewalls, memory corruption, encryption), many technologies are still relatively young (e.g. virtualisation, cloud computing). Our team’s challenges arise from testing these new technologies and looking for design flaws and security bugs.
As with any system, the largest challenge is mitigating design flaws. When a class of security vulnerabilities emerges based on a technological design issue, it can be tricky to find the right solution that does not unduly inhibit usability and then to also backport these changes to earlier stable releases.
Luckily, defenses are evolving quickly too. With more Mandatory Access Control systems being made available (e.g. SELinux, AppArmor, TOMOYO, SMACK), more work being done on capabilities, and better confinement and namespace separation, there will be more tools available to help stop vulnerabilities from getting very far.
Ubuntu has always been praised by the developer community. What does version 9.10 have in store for them?
There are a number of things we have focused on for the developer. Quickly is a toolset that allows the opportunistic developer to really easily write apps that will run on Ubuntu. It automates many of the tasks that are required in compiling and testing any program and gives access to smartly selected technologies like Glade and Python. Critically, it also automates the packaging of apps for Ubuntu, which has been a stumbling block for many developers.
Separately, all the code for Ubuntu is now hosted on BZR, which is Canonical’s version control system, and this is a great way for people to get introduced to this tool. BZR is ideal for distributed development and makes checking code in and out very easy. Bazaar supports many best practices including refactoring, pair programming, feature branching, peer reviews and pre-commit regression testing. With true rename tracking for files and directories, merging changes from others simply works more often.
Also, we completely open sourced Launchpad, the collaboration website for developers working on Ubuntu and hundreds of other open source projects. That Launchpad was proprietary was preventing a number of developers from participating through it, so with that restriction now removed, we look forward to new contributors coming on board.