Re: [RFC][PATCH 0/11] security: AppArmor - Overview

Joshua Brindle wrote:

Andi Kleen wrote:

On Monday 24 April 2006 15:11, Joshua Brindle wrote:

Sure but if, instead, it's able to open /var/chroot/etc/shadow which is a hardlink to /etc/shadow you've bought nothing. You may filter out worms and script kiddies this way but in the end you are using obscurity (of filesystem layout, what the policy allows, how the apps are configured, etc) for security, which again, leads to a false sense of security.

AppArmor disallows both chroot and name space changes for the constrained application so the scenario you're describing cannot happen. What happens

with unconstrained applications it doesn't care about by design.

This has been covered several times in this thread already - please pay
more attention.

I was paying attention, thank you. Can apparmor force an application to only start within a certain chroot? So it may not be able to chroot during runtime but if you can't be sure that it starts in the chroot the argument still applies. Particularly since the app may not even fail to run outside the chroot given that it will have access to all the same libraries, etc it did inside (due to the paths being the same).

To make this much more real, the /usr/sbin/named policy that ships with apparmor has the following line:

/** r,

Thats right, named can read any file on the system, I suppose this is because the policy relies on named being chrooted. So if for any reason named doesn't chroot its been granted read access on the entire filesystem. If I'm misunderstanding this policy please correct me but I believe this shows the problem very loudly and clearly.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: [email protected]
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Tony Jones <[email protected]>

• References:
  • [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Tony Jones <[email protected]>
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Neil Brown <[email protected]>
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Joshua Brindle <[email protected]>
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Andi Kleen <[email protected]>
  • Re: [RFC][PATCH 0/11] security: AppArmor - Overview
    • From: Joshua Brindle <[email protected]>

• Prev by Date: Re: [RFC] [PATCH] Make ACPI button driver an input device
• Next by Date: Re: [Alsa-devel] Re: ALSA regression: oops on shutdown
• Previous by thread: Re: [RFC][PATCH 0/11] security: AppArmor - Overview
• Next by thread: Re: [RFC][PATCH 0/11] security: AppArmor - Overview
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]