On Mon, Apr 16, 2007 at 08:27:08AM +0200, Andi Kleen wrote: > > It's nice to check for consistency though, so we're adding that. Profile > > loading is a trusted operation, at least so far, and so security wise we > > don't actually have to care --- if loading an invalid profile can bring down > > the system, then that's no worse than an arbitrary module that crashes the > > machine. Not sure if there will ever be user loadable profiles; at least at > > that point we had to care. > > A security system that allows to crash the kernel is a little weird > though. It would be better to check. Not that a recursion check > is particularly expensive. > Indeed. It will be fixed in the next rev. thanks john
Attachment:
pgp9MFJQVcdSd.pgp
Description: PGP signature
- References:
- [AppArmor 00/41] AppArmor security module overview
- From: [email protected]
- [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- From: [email protected]
- Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- From: Andi Kleen <[email protected]>
- Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- From: Andreas Gruenbacher <[email protected]>
- Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- From: Andi Kleen <[email protected]>
- [AppArmor 00/41] AppArmor security module overview
- Prev by Date: Re: [PATCH 2/7] [RFC] Common power driver for Linux gadgets
- Next by Date: [PATCH 2/2] wistron_btns: add led support
- Previous by thread: Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- Next by thread: Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching
- Index(es):
 |