About Ubuntu security

Kees Cook kees at ubuntu.com
Wed Aug 1 00:57:24 UTC 2007

On Tue, Jul 31, 2007 at 09:39:28AM -0700, Ng, Cheon-woei wrote:
> I meant in general, a device driver has access to all of kernel memory.
> Actually I am not aware of /dev/mem exploit; I will need to do some
> research. : )  

Right, you are correct about the design of the Linux kernel drivers.
The /dev/mem issue is that programs that write to /dev/mem need to be
limited to only a small region of all kernel memory (to access video
devices, as I understand it).  I haven't looked into this in any depth

> About AppArmor, it is ready to use?  What profiles are available now?
> Will there be any utilities?  

I will let Mathias answer this in more detail, but yes, it is ready for
testing (if you're testing the Gutsy development cycle -- I would urge
you to do so if you're interested in AppArmor).

For profiles, see the contents of the "apparmor-profiles" package:


All the regular AppArmor utilities are available.  There are plans for
GUI tools: https://wiki.ubuntu.com/SecurityModuleAdminTool

For more details: https://help.ubuntu.com/community/AppArmor


Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20070731/6ac4363a/attachment.pgp>

More information about the ubuntu-server mailing list