change coming with maverick's 2.6.34-5 kernels
Kees Cook
kees at ubuntu.com
Tue Jun 1 18:19:56 BST 2010
On Tue, Jun 01, 2010 at 06:07:02PM +0100, Matthew Garrett wrote:
> On Tue, Jun 01, 2010 at 10:03:27AM -0700, Kees Cook wrote:
>
> > Both AppArmor and SELinux contain PTRACE within a given profile/policy,
> > so yes, it is confined under those conditions. My concern is for stuff
> > that isn't covered by an LSM policy. A lot of those things tend to be
> > running on a desktop, as the same user, so this overlaps well.
>
> So isn't this just equivalent to changing your default LSM policy to
> forbid ptrace, except with less in the way of configurability? Doing it
> at the security policy lets you provide exceptions for the applications
> that need to have ptrace capabilities.
Correct, though some LSMs (e.g. AppArmor) do not have a "default policy",
and some Ubuntu systems don't run with any LSM, or run with no policy
(e.g. small devices) and those are the kinds of systems that probably
need the change most.
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-devel
mailing list