[apparmor] Question on script profile permissions
Christian Boltz
apparmor at cboltz.de
Thu Jul 31 21:28:24 UTC 2014
Hello,
Am Mittwoch, 30. Juli 2014 schrieb Steve Beattie:
> All that said, it strikes me as a low priority issue, although I do
> have the nagging feeling there's a threat here with not requiring a
Indeed, we should require the interpreter to be in the profile (or in
abstractions/$interpreter), and I'm surprised it's not required.
> permission that I can't quite articulate.
Maybe the following script helps you to articulate it ;-)
#!/bin/rm -r /
echo "Hello World!"
You better have a tight profile while testing this "Hello World" script
;-)
Regards,
Christian Boltz
PS: the script is untested, and I don't recommend to test it ;-)
--
IcH fInDe AuCh, dAsS eS nIcHt So WiChTig IsT, eInEn TeXt In KoRrEcKtEr
gRoSs- Und KlEiNsChReIbUnG zU vErFaSsEn, Da DiEs DeR LeSbArKeIt KaUm
AbBrUcH tUt UnD zUdEm AuSdRuCk MeInEr InDiViDuAlItAeT iSt.
[Joachim Kromm in dsnu]
More information about the AppArmor
mailing list