Ubuntu Install Fest etc.

Yuriy Kozlov yuriy.kozlov at gmail.com
Tue Dec 11 01:56:42 GMT 2007


On Dec 10, 2007 8:42 PM, Caleb Marcus <caleb.marcus at gmail.com> wrote:
>
>  On Mon, 2007-12-10 at 19:45 -0500, Martin Owens wrote:
> > I just wanted to point out that AppArmor really isn't protecting much of
> > anything yet in Ubuntu... I believe it's only enabled for several packages.
> > It's possible to generate your own AppArmor profiles, but until they start
> > making profiles for all the apps included by default, AppArmor isn't really
> > solving any problems.
>
> It is enabled and does prevent applications from running, just ask
> people who want to play A Tale in the Desert; it's currently just
> preventing execution of archived code, but if the threat appeared it
> would be quickly put into service fully.
>
> Best Regards, Martin Owens
>
>  So, if a threat were to arise, they'd release some sort of update that
> would put new policy in place? The problem is that it seems that
> apparmor-profiles is in universe and isn't installed by default... it seems
> that they sorta limited their ability to stop attacks through apparmor
> updates because the profiles package through which they would probably
> release the updates is installed manually.
>

I think it's basically that AppArmor isn't fully implemented yet in
Ubuntu.  The current stuff is just kind of "building up" to it.  It's
not so much a matter of when threats will arise but of when there's an
Ubuntu release with complete AppArmor profiles.  And even then
complete doesn't mean protecting every application.

I don't know anything about AppArmor, but I'm assuming AppArmor is
basically similar to SELinux.  SELinux is implemented on Red Hat EL,
but the default profile used is "targeted" where there are SELinux
profiles for a specific set of applications that are considered
potential security holes, mostly server applications.  I think these
mostly protect against remote attacks, not so much viruses.
~ Yuriy


