On Tue, 29 May 2007, Pavel Machek wrote:
Hi!
If we want "/etc/shadow" to be the only way to access the shadow file
we could label the data with "/etc/shadow". Any attempts to access
this data using a renamed file or link would be denied (attempts to
link or rename could also be denied).
Eloquently put.
AppArmor actually does something similar to this, by mediating all of
the ways that you can make an alias to a file. These are:
...
* Hard links: AppArmor explicitly mediates permission to make a hard
Unfortunately, aparmor is by design limited to subset of distro
(network daemons). Unfortunately, some other programs (passwd, vi)
routinely make hardlinks. So AA mediating hardlink is not enough, as
vi will happily hardlink /etc/shadow into /etc/.vi-shadow-1234.
but with the AA design of default deny this isn't a big problem unless you
specificly allow some network daemon to access /etc/.vi-shadow-1234
in this context passwd and vi are considered trusted processes, they are
used _after_ you authenticate onto the box.
no, this won't help you much against local users, but there are a _lot_ of
boxes out there with few, if any, local users who don't also have the root
password. AA helps the admin be safer when configuring netwrok daemons.
David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]