On Wed, 19 Apr 2006 17:19:04 PDT, Crispin Cowan said:
> [email protected] wrote:
> > In other words, it's quite possible to accidentally introduce a vulnerability
> > that wasn't exploitable before, by artificially restricting the privs in a way
> > the designer didn't expect. So this is really just handing the sysadmin
> > a loaded gun and waiting.
> >
>
> While that is true of the voluntary model of acquiring and dropping
> privs, it is not true of AppArmor containment, which will just not give
> you the priv if it is not in your policy.

The threat model is that you can take a buggy application, and constrain its access to priv A in a way that causes a code failure that allows you to abuse an unconstrained priv B.
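
The failure mode described in the message above, as an added example that is not part of the original post or of any kernel or AppArmor code. It assumes, for illustration only, that priv A is the ability to change uid and priv B is the file access that uid 0 carries; `struct task`, `model_setuid`, `serve_unchecked` and `serve_checked` are hypothetical names, and the policy is a constructed in-process model so the program runs without root.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a confined task; not kernel or AppArmor code. */
struct task {
    bool policy_allows_setuid; /* priv A: may change uid (restricted by policy) */
    unsigned uid;              /* uid 0 carries priv B: write access to system files */
};

/* Hypothetical stand-in for setuid(2): EPERM when the policy withholds priv A. */
static int model_setuid(struct task *t, unsigned uid) {
    if (!t->policy_allows_setuid) { errno = EPERM; return -1; }
    t->uid = uid;
    return 0;
}

/* Priv B is left unconstrained by the policy in this model. */
static bool holds_priv_b(const struct task *t) { return t->uid == 0; }

/* Fail-open: the drop is attempted but its result is ignored.
 * Returns true if the untrusted work would run while still holding priv B. */
static bool serve_unchecked(struct task *t) {
    model_setuid(t, 1000);
    return holds_priv_b(t);
}

/* Fail-closed: refuse to continue unless the drop verifiably happened.
 * Returns 0 if the work ran unprivileged, -1 if the request was refused. */
static int serve_checked(struct task *t) {
    if (model_setuid(t, 1000) != 0 || holds_priv_b(t))
        return -1;
    return 0;
}

int main(void) {
    struct task open_policy = { true, 0 }, tight = { false, 0 }, tight2 = { false, 0 };
    printf("unchecked, priv A allowed: runs with priv B = %d\n", serve_unchecked(&open_policy));
    printf("unchecked, priv A denied:  runs with priv B = %d\n", serve_unchecked(&tight));
    printf("checked,   priv A denied:  result = %d\n", serve_checked(&tight2));
    return 0;
}
```

When auditing an application before confining it, the calls to look for are privilege-changing operations whose return values are discarded.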