[ubuntu-hardened] AppArmor for Ubuntu

Thomas Bleher bleher at informatik.uni-muenchen.de
Wed Mar 1 01:09:09 GMT 2006


* Crispin Cowan <crispin at novell.com> [2006-03-01 01:41]:
> cwarner wrote:
> > There are projects in the works and policy editors being created for
> > Selinux. This approach really isn't that different at all. As it all
> > boils down to policy.
>
> Except for the fundamental difference between path name based access
> controls and label based access controls. The label based scheme in
> SELinux makes it much more difficult to build an automated policy generator.

Obvious question: How do you handle hardlinks?
How do you prevent a malicious program running as root from reading
/etc/shadow if the file is linked to /tmp/innocent and the program is
allowed to read files under /tmp?

Bonus question: What about multiple namespaces (see the newly merged
unshare() system call)? Does AppArmor deal with the case that /tmp/foo
may be a different file depending on the process you look at?

Path-based schemes do have their appeal but I wonder how you solve the
issues above. I couldn't find any information about this so I'd
appreciate your comments.

Thomas
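
The hard-link question raised in the message above, as an added example that is not part of the original post and is not AppArmor's code: a naive path-prefix rule is compared with an inode-identity check, and an audit helper lists extra names for a protected file. The function names, the prefix rule and the scratch layout (`etc/shadow`, `tmp/innocent` inside a temporary directory) are assumptions constructed for illustration.

```python
import os
import tempfile

def path_rule_allows(path, allowed_prefix):
    """Naive path-name rule (assumed): allow if the path sits under the prefix."""
    path, prefix = os.path.abspath(path), os.path.abspath(allowed_prefix)
    return os.path.commonpath([path, prefix]) == prefix

def same_file(a, b):
    """True when both names refer to one inode on one device."""
    sa, sb = os.stat(a), os.stat(b)
    return (sa.st_dev, sa.st_ino) == (sb.st_dev, sb.st_ino)

def find_aliases(protected, search_root):
    """Audit helper: names under search_root that are hard links to protected."""
    target = os.stat(protected)
    if target.st_nlink < 2:
        return []  # the file has a single name, nothing to look for
    hits = []
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            candidate = os.path.join(dirpath, name)
            st = os.lstat(candidate)  # lstat: a symlink is not a hard link
            if (st.st_dev, st.st_ino) == (target.st_dev, target.st_ino):
                hits.append(candidate)
    return sorted(hits)

def demo():
    """Build a constructed layout in a scratch directory and compare both views."""
    with tempfile.TemporaryDirectory() as scratch:
        base = os.path.realpath(scratch)
        protected_dir = os.path.join(base, "etc")
        open_dir = os.path.join(base, "tmp")
        os.mkdir(protected_dir)
        os.mkdir(open_dir)
        secret = os.path.join(protected_dir, "shadow")
        with open(secret, "w") as f:
            f.write("constructed sample data\n")
        alias = os.path.join(open_dir, "innocent")
        os.link(secret, alias)  # second name for the same inode
        found = find_aliases(secret, open_dir)
        return {
            "rule_allows_secret": path_rule_allows(secret, open_dir),
            "rule_allows_alias": path_rule_allows(alias, open_dir),
            "same_inode": same_file(secret, alias),
            "aliases": [os.path.relpath(p, base) for p in found],
            "nlink": os.stat(secret).st_nlink,
        }

if __name__ == "__main__":
    print(demo())
```

The prefix rule rejects the protected name but accepts the alias, while the `(st_dev, st_ino)` comparison and the link count show that both names are the same file.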
