From mboxrd@z Thu Jan 1 00:00:00 1970
From: John Johansen
Subject: Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
Date: Mon, 16 Apr 2007 13:56:12 -0700
Message-ID: <20070416205612.GA4030@suse.de>
References: <20070412090809.917795000@suse.de> <20070412090849.465428000@suse.de> <200704151621.52906.agruen@suse.de> <20070416062708.GA14641@one.firstfloor.org>
Cc: Andreas Gruenbacher , jjohansen@suse.de, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, chrisw@sous-sol.org
To: Andi Kleen
In-Reply-To: <20070416062708.GA14641@one.firstfloor.org>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Mon, Apr 16, 2007 at 08:27:08AM +0200, Andi Kleen wrote:
> > It's nice to check for consistency though, so we're adding that. Profile
> > loading is a trusted operation, at least so far, and so security wise we
> > don't actually have to care --- if loading an invalid profile can bring down
> > the system, then that's no worse than an arbitrary module that crashes the
> > machine. Not sure if there will ever be user loadable profiles; at least at
> > that point we had to care.
>
> A security system that allows to crash the kernel is a little weird
> though. It would be better to check. Not that a recursion check
> is particularly expensive.
>

Indeed. It will be fixed in the next rev.
thanks
john