[apparmor] Questions about apparmor
fykcee1 at gmail.com
fykcee1 at gmail.com
Sun Dec 5 14:18:58 GMT 2010
Hi all,
Apparmor seems quite interesting, and I have got some questions about
apparmor:
1. If an access permitted path is a symbol link, will a confined program
with this profile be able to access it (i.e. can access the inode pointed by
the symbol link)?
2. How to restrict "change_profile"? A program may change_profile to
a privilege-less profile, then can injected malicious code calls
change_profile to a more privileged profile?
3. Does it make sense to implement "per code segment profile"? i.e.
attach each executable VMA with a profile. Then it can make profiles for
libraries -- any program calls into a library, will apply the library's
profile (just like a implicit change_hat, should take care of static link
case, need a modified ld?). This can also be done by including profiles
provided by libraries, and call change_hat appropriately, but not
convenient.
--
Regards,
- cee1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/apparmor/attachments/20101205/6709de55/attachment.htm
More information about the AppArmor
mailing list