About Ubuntu security

Kees Cook kees at ubuntu.com
Wed Aug 1 00:57:24 UTC 2007


On Tue, Jul 31, 2007 at 09:39:28AM -0700, Ng, Cheon-woei wrote:
> I meant in general, a device driver has access to all of kernel memory.
> Actually I am not aware of /dev/mem exploit; I will need to do some
> research. : )  

Right, you are correct about the design of the Linux kernel drivers.
The /dev/mem issue is that programs that write to /dev/mem need to be
limited to only a small region of all kernel memory (to access video
devices, as I understand it).  I haven't looked into this in any depth
yet.

> About AppArmor, is it ready to use?  What profiles are available now?
> Will there be any utilities?

I will let Mathias answer this in more detail, but yes, it is ready for
testing (if you're testing the Gutsy development cycle -- I would urge
you to do so if you're interested in AppArmor).

For profiles, see the contents of the "apparmor-profiles" package:

http://packages.ubuntu.com/cgi-bin/search_contents.pl?word=apparmor-profiles&searchmode=filelist&case=insensitive&version=gutsy&arch=i386&page=1&number=all

All the regular AppArmor utilities are available.  There are plans for
GUI tools: https://wiki.ubuntu.com/SecurityModuleAdminTool

For more details: https://help.ubuntu.com/community/AppArmor

-Kees

-- 
Kees Cook