Release status update (or, Hoary and you)
Nick Loeve
ubuntu at trickie.org
Mon Mar 7 16:54:07 CST 2005
Martin Pitt wrote:
>
> Not a text appropriate for the announcement, but a more in-depth
> explanation:
>
> When we started with Ubuntu, a lot of daemons ran as "root" and a lot
> of programs were installed setuid root. This means that every security
> bug in these could potentially be exploited to compromise the system
> without any limit.
>
> Since then I evaluated many of these root processes and minimized
> their privileges to the absolutely required one. As a result, many
> setuid root programs are now only setgid to a particular
> application-specific group, and many processes now run as a dedicated
> normal user (with some additional kernel capabilities in some cases).
> This confines the potential impact of vulnerabilities to the process
> itself; they cannot affect any other processes any more.
>
> In short, this greatly helps to improve proactive security.
>
> Already derooted apps:
>
> klogd
> syslogd
> cupsd
> hald
> ntpd
> procmail
> smbmount/smbumount
> jackd
> login
> gpg/gnupg
> hpoj
> at
>
Hi Martin, I added a bit to the release notes.
It is not as thorough as what you provided but check it out at
http://people.ubuntu.com/~mako/docteam/release-notes/release-notes.html
(under the Ubuntu for the Developer/Administrator section), and let me
know if you want anything stressed in particular, or even if you want it
totally redone :)
Cheers,
trickie (Nick Loeve)
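
Added example, not part of the original thread or of Ubuntu's own tooling: a small audit that separates the two cases the quoted explanation contrasts, files that are still setuid to a privileged owner versus files that are only setgid to a group. The function names `audit_privbits` and `count_class` and the class labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Classify privileged mode bits under a directory tree.
#
# audit_privbits DIR [OWNER]
#   Prints "<class> <path>" for each matching regular file:
#     setuid-owner  setuid bit set and owned by OWNER (default: root);
#                   a bug here runs with OWNER's full privileges
#     setgid-only   setgid bit set without setuid; a bug here only
#                   gains the file's (application-specific) group
#   Setuid files owned by someone other than OWNER are not reported.
audit_privbits() {
    dir=$1
    owner=${2:-root}
    # -perm -4000: setuid bit is set (other bits may be anything).
    find "$dir" -xdev -type f -perm -4000 -user "$owner" 2>/dev/null |
        sed 's/^/setuid-owner /'
    # -perm -2000 without -4000: setgid only.
    find "$dir" -xdev -type f -perm -2000 ! -perm -4000 2>/dev/null |
        sed 's/^/setgid-only /'
}

# count_class DIR CLASS [OWNER]
#   Prints how many files fall into CLASS, so the number can be tracked
#   from release to release as programs are moved off setuid root.
count_class() {
    audit_privbits "$1" "${3:-root}" |
        awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# Typical use on an installed system:
#   audit_privbits /usr/bin
#   count_class /usr/bin setuid-owner
```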