From: Pavel Machek <pavel@ucw.cz>
To: Crispin Cowan <crispin@novell.com>
Cc: James Morris <jmorris@namei.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Andi Kleen <andi@firstfloor.org>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Subject: Re: AppArmor FAQ
Date: Sat, 9 Jun 2007 23:01:51 +0200 [thread overview]
Message-ID: <20070609210151.GB6663@elf.ucw.cz> (raw)
In-Reply-To: <4626746A.9010701@novell.com>
Hi!
> >> I'm not sure if AppArmor can be made good security for the general case,
> >> but it is a model that works in the limited http environment
> >> (eg .htaccess) and is something people can play with and hack on and may
> >> be possible to configure to be very secure.
> >>
> > Perhaps -- until your httpd is compromised via a buffer overflow or
> > simply misbehaves due to a software or configuration flaw, then the
> > assumptions being made about its use of pathnames and their security
> > properties are out the window.
> >
> How is it that you think a buffer overflow in httpd could allow an
> attacker to break out of an AppArmor profile? This is exactly what
> AppArmor was designed to do, and without specifics, this is just
> FUD.
No, it is not, I already broke AppArmor once, and it took me less then
one hour.
Give me machine with root shell, and make app armor permit everything
but reading /etc/secret.file. AppArmor is not designed for this, but
if you want to claim your solution works, this looks like a nice test.
Actually, give password to everyone, and see who breaks it first.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2007-06-09 21:01 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-16 21:33 AppArmor FAQ John Johansen
2007-04-17 0:20 ` James Morris
2007-04-17 15:03 ` David Safford
2007-04-17 16:00 ` Karl MacMillan
2007-04-17 18:05 ` Andi Kleen
2007-04-17 17:47 ` James Morris
2007-04-17 18:10 ` Andi Kleen
2007-04-17 20:19 ` Casey Schaufler
2007-04-17 20:50 ` James Morris
2007-04-17 21:16 ` Andi Kleen
2007-04-17 21:41 ` Karl MacMillan
2007-04-17 22:12 ` Andi Kleen
2007-04-17 22:29 ` Karl MacMillan
2007-04-17 21:58 ` Alan Cox
2007-04-18 13:45 ` James Morris
2007-04-18 14:33 ` Shaya Potter
2007-04-18 19:41 ` Crispin Cowan
2007-04-18 20:03 ` Shaya Potter
2007-04-18 21:14 ` James Morris
2007-04-19 17:14 ` Stephen Smalley
2007-06-09 21:01 ` Pavel Machek [this message]
2007-06-09 21:28 ` david
2007-06-09 23:02 ` Pavel Machek
2007-06-10 0:06 ` david
2007-04-18 20:15 ` David Lang
2007-04-19 17:27 ` Stephen Smalley
2007-04-17 21:48 ` Karl MacMillan
2007-04-17 23:12 ` Casey Schaufler
2007-04-17 22:26 ` Karl MacMillan
2007-04-19 17:46 ` Stephen Smalley
2007-04-20 18:45 ` David Lang
2007-04-20 19:23 ` Karl MacMillan
2007-04-17 23:09 ` Crispin Cowan
2007-04-17 23:20 ` Karl MacMillan
2007-04-19 17:56 ` Stephen Smalley
2007-04-17 21:55 ` Karl MacMillan
2007-04-17 22:55 ` Crispin Cowan
2007-04-17 23:13 ` Karl MacMillan
2007-06-09 14:11 ` Pavel Machek
2007-04-18 7:21 ` Rob Meijer
2007-04-18 7:08 ` David Lang
2007-04-18 13:33 ` James Morris
2007-04-18 12:15 ` Joshua Brindle
2007-04-18 13:31 ` Casey Schaufler
2007-04-18 14:05 ` Rob Meijer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070609210151.GB6663@elf.ucw.cz \
--to=pavel@ucw.cz \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andi@firstfloor.org \
--cc=casey@schaufler-ca.com \
--cc=crispin@novell.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).