Add a number of pro-active security tasks to the tasklist, and grab
the coordinator role for fixing NULLFS, as the previous coordinator couldn't understand why he was listed as coordinator for that.
This commit is contained in:
Eivind Eklund
parent
942e68d5f1
commit
86cd11cd46
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=4251
1 changed files with 30 additions and 2 deletions
|
|
@ -1,4 +1,4 @@
|
|||
<!-- $Id: submitters.sgml,v 1.285 1999-02-06 16:21:53 eivind Exp $ -->
|
||||
<!-- $Id: submitters.sgml,v 1.286 1999-02-08 19:59:04 eivind Exp $ -->
|
||||
<!-- The FreeBSD Documentation Project -->
|
||||
|
||||
<chapt><heading>Contributing to FreeBSD<label id="contrib"></heading>
|
||||
|
|
@ -60,7 +60,7 @@ provide an accurate mapping of BIOS geometries for disks.
|
|||
<item>Filesystem problems. Overall coordination:
|
||||
&a.fs
|
||||
<itemize>
|
||||
<item>Clean up and document the nullfs filesystem code. Coordinator: &a.gibbs
|
||||
<item>Clean up and document the nullfs filesystem code. Coordinator: &a.eivind
|
||||
<item>Fix the union file system. Coordinator: &a.dg
|
||||
</itemize>
|
||||
<item>Implement Int13 vm86 disk driver. Coordinator: &a.hackers
|
||||
|
|
@ -82,6 +82,34 @@ implemented.
|
|||
<p><itemize>
|
||||
<item>Fix the syscons ALT-Fn/vt switching hangs. Coordinator: &a.sos
|
||||
</itemize>
|
||||
<item>Add more pro-active security infrastructure. Overall
|
||||
coordination: &a.security
|
||||
<itemize>
|
||||
<item>Build something like Tripwire(TM) into the kernel, with a remote
|
||||
and local part. There are a number of cryptographic issues to getting
|
||||
this right; contact the coordinator for details. Coordinator: &a.eivind
|
||||
<item>Make the entire kernel use suser() instead of comparing to 0.
|
||||
It is presently using about half of each. Coordinator: &a.eivind
|
||||
<item>Split securelevels into different parts, to allow an
|
||||
administrator to throw away those privileges he can throw away.
|
||||
Setting the overall securelevel needs to have the same effect as now,
|
||||
obviously. Coordinator: &a.eivind
|
||||
<item>Make it possible to upload a list of 'allowed programs' to BPF,
|
||||
and then block BPF from accepting other programs. This would allow
|
||||
BPF to be use e.g. for DHCP, without allowing an attacker to start
|
||||
snooping the local network.
|
||||
<item>Update the security checker script. We should at least grab all
|
||||
the checks from the other BSD derivates, and add checks that a system
|
||||
with securelevel increased also have reasonable flags on the relevant
|
||||
parts. Coordinator: &a.eivind
|
||||
<item>Add authorization infrastructure to the kernel, to allow
|
||||
different authorization policies. Part of this could be done by
|
||||
modifying 'suser()'. Coordinator: &a.eivind
|
||||
<item> Add code to the NFS layer so you cannot chdir("..") out of a NFS
|
||||
partition. E.g.: /usr is a UFS partition with /usr/src NFS exported.
|
||||
Now it is possible to use the NFS file handle for /usr/src to get access
|
||||
to /usr.
|
||||
</itemize>
|
||||
</enum>
|
||||
|
||||
<sect1><heading>Medium priority tasks</heading>
|
||||
|
|
|
|||
Loading…
Reference in a new issue