Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 16, 2007 at 08:27:08AM +0200, Andi Kleen wrote:
> > It's nice to check for consistency though, so we're adding that. Profile 
> > loading is a trusted operation, at least so far, and so security wise we 
> > don't actually have to care --- if loading an invalid profile can bring down 
> > the system, then that's no worse than an arbitrary module that crashes the 
> > machine. Not sure if there will ever be user loadable profiles; at least at 
> > that point we had to care.
> 
> A security system that allows to crash the kernel is a little weird 
> though. It would be better to check. Not that a recursion check
> is particularly expensive.
> 
Indeed.  It will be fixed in the next rev.

thanks
john

Attachment: pgp9MFJQVcdSd.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux