On Llu, 2006-04-24 at 15:26 +0200, Andi Kleen wrote:
> On Monday 24 April 2006 15:11, Joshua Brindle wrote:
>
> > Sure but if, instead, it's able to open /var/chroot/etc/shadow which is
> > a hardlink to /etc/shadow you've bought nothing. You may filter out
> > worms and script kiddies this way but in the end you are using obscurity
> > (of filesystem layout, what the policy allows, how the apps are
> > configured, etc) for security, which again, leads to a false sense of
> > security.
>
> AppArmor disallows both chroot and name space changes for the constrained
> application so the scenario you're describing cannot happen. What happens
> with unconstrained applications it doesn't care about by design.
>
> This has been covered several times in this thread already - please pay
> more attention.
There is a much simpler answer anyway, sit in a loop trying to
open /etc/shadow~ and wait for someone to change password. All the
problems about names remain because of links anyway.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
