Specify security attributes for configuration file entries
Description of the project: In this Google Summer of Code Project we want to introduce a simple way for maintainers to specify the relevance of individual configuration options. When the specification and the default option changes during an upgrade, a tool will merge options to achieve better quality attributes such as security. The main focus will be on having a tool to validate security attributes in configuration files, e.g. inform users if options such as ?ServerKeyBits of the openssh-server configuration file are considered insecure.
Confirmed Mentor: Markus Raab
How to contact the mentor: firstname.lastname@example.org
Confirmed co-mentors: None
Deliverables of the project: (1) Implement a specification for important Debian packages such as the openssh server. (2) Implement a tool that can validate if a configuration file is secure according to the specification.
Desirable skills: Very good C programming skills.
What the intern will learn: You will get contact to people involved in the Debian project. You will learn about Debian upgrade mechanism, especially how conffiles and ucf work. The long-term aim is to have better configuration upgrade experience that also takes quality attributes into account.
Related projects: Libelektra