16:32 <jdstrand> #startmeeting
16:32 <meetingology> Meeting started Mon Aug 26 16:32:03 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:32 <meetingology>
16:32 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:32 <jdstrand> The meeting agenda can be found at:
16:32 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <jdstrand> [TOPIC] Weekly stand-up report
16:33 <jdstrand> I'll go first
16:33 <jdstrand> I'm on triage this week
16:34 <jdstrand> I have several pending updates I'm working on
16:34 <jdstrand> I plan to test/sponsor tyhicks' saucy uploads this week
16:34 <jdstrand> I have a couple of august work items to do
16:34 <jdstrand> and participate in vUDS
16:34 <jdstrand> mdeslaur is not here today. sbeattie, you're up
16:35 <sbeattie> I'm again working on apparmor testing this week, looking at IPC issues
16:36 <sbeattie> I need to review work items, and make sure I don't have anything outstanding
16:36 <sbeattie> as well as attend vUDS.
16:36 <sbeattie> that's it for me, tyhicks?
16:36 <jdstrand> sbeattie: how is the IPC testing going?
16:36 <sbeattie> slow
16:36 <sbeattie> making progress but slow.
16:37 <jdstrand> sbeattie: you have one work item for august that I left for you. please focus on IPC
16:37 <sbeattie> jdstrand: okay, will do
16:37 <tyhicks> sbeattie: are you writing tests? if so, do you plan on incorporating the simplified socketpair() testcase that I wrote last week?
16:37 <tyhicks> (or should I do that?)
16:37 <jdstrand> sbeattie: it is the device-specific accesses. I may try to do something with that, but will likely want to discuss it with you
16:37 <sbeattie> tyhicks: yeah, I can take that.
16:38 <jdstrand> might just postpone the work item. we'll see
16:38 <jdstrand> tyhicks: please proceed
16:38 <jdstrand> (with your status update)
16:38 <tyhicks> I'll be handing jdstrand a couple debdiffs and test results for saucy uploads this morning
16:39 <jdstrand> \o/
16:39 <tyhicks> there's still one known bug in dbus, around how we're handling eavesdropping, I'll be working on fixing this this week
16:40 <tyhicks> then I'll probably take a look at the 'update apparmor_parser to add v3 open rules to v2 policy' work item
16:41 <tyhicks> I also need to spend a little time getting ecryptfs ready for the next merge window
16:42 <jdstrand> tyhicks: so, you addressed the dbus rules in abstractions issue with the tools?
16:42 <tyhicks> and I need to test jj's fix for a socketpair() labeling bug that I came across last week
16:42 <tyhicks> jdstrand: yes - I need to send that patch out to the list
16:42 <tyhicks> jdstrand: apparmor - 2.8.0-0ubuntu24+dbusdev4 contains the fix
16:43 <jdstrand> tyhicks: iirc, there were some test-dbus.py failures. is that the socketpair() issue?
16:44 <tyhicks> jdstrand: that was one issue
16:44 <jdstrand> ok, let's back up
16:44 <tyhicks> ok
16:45 <jdstrand> tyhicks: you are going to give me packages to upload. it sounds like there are bugs that are known to exist. what are they?
16:45 <tyhicks> jdstrand: the known bug remaining is around eavesdropping
16:46 <tyhicks> jdstrand: when we grant permissions in policy, we imply some permissions
16:46 <tyhicks> jdstrand: so when you have permission to send a message, you implicitly have permissions to receive a method_return or error message from the peer that you can send a message to
16:47 <tyhicks> jdstrand: our short-circuit code in dbus to allow the method_return or error messages to slip through is too loose
16:47 <jdstrand> I see
16:47 <tyhicks> jdstrand: it also allows eavesdroppers to see those messages
16:47 <jdstrand> so no problem uploading to saucy. we'll just fix that in the next upload
16:47 <tyhicks> exactly
16:48 <tyhicks> the only time that someone would see it is if they used dbus-monitor
16:48 <tyhicks> it is a very important bug to fix, but it doesn't affect day to day use
16:48 <jdstrand> yes
16:48 <jdstrand> tyhicks: ok, I'm done. please proceed :)
16:48 <tyhicks> I think that's it for me
16:48 <tyhicks> jjohansen: you're up
16:50 <jjohansen> I'm working on apparmor this week, specifically the ipc work items
16:50 <jdstrand> tyhicks: btw, after we upload to saucy, can you file a bug on the eavesdropping issue?
16:50 <tyhicks> jdstrand: yes
16:52 <jdstrand> jjohansen: sorry for interrupting
16:52 <jjohansen> jdstrand: heh that's fine
16:53 * jjohansen will coordinate with tyhicks and sbeattie to get more testing of a couple of fixes I pushed out last week
16:54 <jjohansen> I'll dump a bunch of kernel and parser patches for sarnold to review
16:55 <jjohansen> hrmmm, I have some compatibility patches to update for 3.10, and 3.11 but somehow I don't think I will get to that this week
16:57 <jjohansen> to preempt jdstrand's question on how ipc is going, it's slow. once I get a major crash bug fixed we should be able to start playing with several parts of it this week
16:57 <jdstrand> well, I wasn't going to ask this week-- you only worked last friday :)
16:57 <jjohansen> that is other people can start playing with
16:57 <jdstrand> jjohansen: but thanks! that sounds great :)
16:57 <jjohansen> oh? I did?
16:58 <jdstrand> jjohansen: ok, I was only aware that you worked one day last week
16:58 <jdstrand> jjohansen is a sneaky one
16:58 <jjohansen> vacation was last week? sigh that is so depressing
16:58 <sarnold> take two they're small
16:59 <jjohansen> alright so it feels like it's been a few weeks since vacation, anyways that's it for me sarnold you're up
16:59 <sarnold> I'm on community this week
17:00 <sarnold> I'm also on MIR duty this week, I'm the blocker for six or seven audits.
17:01 <sarnold> and I've got an apparmor parser patch to prepare for SRU for precise, the features buffer size problem -- and I'm curious if I should prepare packages for all releases or just precise, which is the current problem for kernel team preparing saucy-on-precise LTS kernels..
17:02 <jjohansen> sarnold: precise is the important one
17:02 <sarnold> jjohansen: okay, sounds good to me :)
17:02 <sarnold> will any saucy-kernel installed on precise poke the problem?
17:03 <jjohansen> sarnold: if you find yourself without something to do poking the other releases would be nice
17:03 <jjohansen> sarnold: yes it will
17:03 <sarnold> jjohansen: oh I don't think I'll be in that position this week, feature freeze is soon and I owe a lot of people ACKs or NACKs on MIRs..
17:03 <sarnold> jjohansen: cool. thanks :)
17:04 <jjohansen> err, that is any saucy kernel after the alpha4 apparmor sync, so all future saucy kernels
17:05 <sarnold> jjohansen: would e.g. 3.11.0-3.8 do the job?
17:06 <jjohansen> sarnold: yes that kernel will cause things to fail nicely
17:07 <sarnold> jjohansen: woot! \o/
17:07 <sarnold> okay, I think that's me finished, and chrisccoulson has timed out, so jdstrand, back to you
17:13 <jdstrand> thanks, sorry, got pulled aside
17:13 <jdstrand> [TOPIC] Highlighted packages
17:13 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:14 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:14 <jdstrand> normally at this point I would provide a list of packages, but python-apt broke UCT so I don't have them atm.
17:14 <jdstrand> I will update https://wiki.ubuntu.com/SecurityTeam/HighlightedPackages once I fix that
17:14 <jdstrand> [TOPIC] Miscellaneous and Questions
17:14 <jdstrand> Does anyone have any other questions or items to discuss?
17:24 <jdstrand> sbeattie, tyhicks, jjohansen, sarnold: thanks!
17:24 <jdstrand> #endmeeting