[Bug 450250] Re: clamdscan says Access denied. ERROR on all files

Jamie Strandboge jamie at ubuntu.com
Wed Oct 21 12:07:44 UTC 2009


The security benefit is not questionable-- clamav has historically had
*many* CVEs, some of which result in arbitrary code execution. AppArmor
mitigates this risk of running clamav and protects the user from known
and as-yet-unknown vulnerabilities in clamav.

The AppArmor profile is intended to work in common usage scenarios, and if this is a common usage scenario, then perhaps adding:
  /** r,

would be ok. I'll let the clamav maintainers decide if this is worth it.
Keep in mind, only DAC will protect against arbitrary reads, and since
clamav does run as its own user, this should be enough for the sensitive
files I mentioned, /etc/shadow, etc. This still protects against
arbitrary code execution, but does weaken the profile somewhat.

Chris mentioned that people are having quite a few problems with this.
This is the first bug I've seen against clamdscan. If people want these
things fixed, they must let developers know by filing bugs.

-- 
clamdscan says Access denied. ERROR on all files
https://bugs.launchpad.net/bugs/450250
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
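
An added example, not part of the original message and not clamav or AppArmor code: once a profile grants `/** r,`, read access is decided by classic Unix permission bits alone, so this sketch evaluates those bits for a scanner identity against a few files. The uid/gid numbers and file modes are constructed sample values; ACLs, capabilities other than root's, and directory search permission are ignored.

```python
import stat


def dac_can_read(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix read check: exactly one permission class applies."""
    if uid == 0:
        return True  # root bypasses DAC read checks
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)  # owner bits only, even if group allows
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


# Constructed sample: (path, mode, owner uid, owner gid). Typical values,
# not read from a real system.
SAMPLE_FILES = [
    ("/etc/shadow", 0o640, 0, 42),
    ("/etc/passwd", 0o644, 0, 0),
    ("/home/alice/.ssh/id_rsa", 0o600, 1000, 1000),
    ("/home/alice/notes.txt", 0o644, 1000, 1000),
]

# Assumed identity of the scanning daemon (hypothetical numbers).
CLAMAV_UID = 115
CLAMAV_GIDS = {125}


def readable_by(uid, gids, files=SAMPLE_FILES):
    """Paths that DAC alone would let this identity read."""
    return [
        path
        for path, mode, owner_uid, owner_gid in files
        if dac_can_read(mode, owner_uid, owner_gid, uid, gids)
    ]


if __name__ == "__main__":
    allowed = set(readable_by(CLAMAV_UID, CLAMAV_GIDS))
    for path, mode, _, _ in SAMPLE_FILES:
        verdict = "readable" if path in allowed else "denied by DAC"
        print(f"{path:28} {stat.filemode(stat.S_IFREG | mode)}  {verdict}")
```

With the sample identity, only the world-readable files pass; putting the daemon in the file's owning group (gid 42 in the sample) is what would expose `/etc/shadow`.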
