Re: AppArmor FAQ

On Tue, 2007-04-17 at 13:19 -0700, Casey Schaufler wrote:
> --- Andi Kleen <[email protected]> wrote:
> > > although this can often be done with PAM plugins, which is a standard way 
> > > to do this kind of thing in modern Unix & Linux OSs.
> > 
> > PAM plugins in vi and emacs? Scary idea.
> > 
> > And what do you do if someone decides to use OpenOffice to edit their
> > /etc/resolv.conf? For a lot of people that's the only text editor 
> > they know.
> 
> For SELinux to be effective it has to have a complete policy definition.
> This would prevent the OpenOffice access (unless OpenOffice is in the
> modify_resolv_conf_t domain) above.
> 
> This, by the way, is a fundimental advantage of a path scheme over a
> label scheme in that label schemes require every object be labeled
> (it's Section 3.1.1.3 of the TCSEC if you want to look it up) while a
> path scheme (in the absences of a published requirement) only requires
> those names it cares about. SELinux in the absence of a correct and
> complete policy could be considered dangerous.
> 

This is wildly untrue (as I believe you know Casey). The effectiveness
of SELinux is certainly diminished by not confining all applications,
but that in no way makes it dangerous. It simply means that certain
aspects of the security are no longer guaranteed by the policy but
instead rely on application correctness. SELinux still offers useful
protections against a variety security threats in a targeted
configuration.

This is in contrast to a security mechanism that is path based and
doesn't control all accesses which can make _no_ guarantees about any
security goals. 

Karl

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: AppArmor FAQ
    • From: Casey Schaufler <[email protected]>

• References:
  • Re: AppArmor FAQ
    • From: Casey Schaufler <[email protected]>

• Prev by Date: Re: Loud "pop" coming from hard drive on reboot
• Next by Date: Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
• Previous by thread: Re: AppArmor FAQ
• Next by thread: Re: AppArmor FAQ
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]