On Mon, Apr 17, 2006 at 06:44:51PM -0700, Gerrit Huizenga wrote:
>
> On Mon, 17 Apr 2006 23:55:25 BST, Christoph Hellwig wrote:
> > On Mon, Apr 17, 2006 at 03:15:29PM -0700, Gerrit Huizenga wrote:
> > > configure correctly that most of them disable it. In theory, LSM +
> > > something like AppArmour provides a much simpler security model for
> >
> > apparmor falls into the findamentally broken category above, so it's
> > totally uninteresting except as marketing candy for the big red company.
>
> Is there a pointer to why it is fundamentally broken? I haven't seen
> such comments before but it may be that I've been hanging out on the
> wrong lists or spending too much time inhaling air at 30,000 feet.
It's doing access control on pathnames, which can't work in unix enviroments.
It's following the default permit behaviour which causes pain in anything
security-related (compare [1]).
[1] http://www.ranum.com/security/computer_security/editorials/dumb/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]