On Sat, 02 Jun 2007 04:30:30 -0000, David Wagner said: > I don't find the Windows stuff too relevant here. I'm surprised. The only Windows-specific thing in the whole paragraph is that the attack described is currently wildly successful. And there *have* been known exploitable bugs in the Linux version of Firefox. In other words, all the pieces are in place for exactly the same thing to work on Linux. The type of hardening that AppArmor can provide network-facing daemons is only protecting the system against attacks that aren't even a large part of the threat model. Exploiting a broken PHP script? Happens all the time, and AppArmor can't do much for it. SQL injection? Happens all the time, and it can't help much there either. Systems getting pwned because the sysadmin's laptop got hacked? Pretty common, and another thing that AppArmor won't slow down. But yes, I *will* grant that the next time there's a buffer overflow in Apache, AppArmor will be able to help *that*.... > As I understand it, > AppArmor isn't aimed at defending Windows desktop users; it is aimed at > defending Linux servers. A pretty different environment, I'd say. The only reason you're not seeing the same exact threat model against Linux servers is because it's still a minority. It's *always* been true that one of the most productive attacks on a server has been to find a desktop that you can attack, and then abuse a trust relationship from the desktop to the server (and has been, ever since the server was a IBM mainframe and the desktop was an RJE station. Amazing how trusting OS/360 was of a card deck tossed into a remote card reader... :) > Ultimately, there are some things AppArmor may be good at, and there > are also sure to be some things it is bloody useless for. My hammer > isn't very good for screwing in screws, but I still find it useful. The question is whether it's a hammer, a screwdriver, or that coping saw that you never seem to find a use for... > I confess I don't understand the kvetching about AppArmor's goals. > What are you expecting, some kind of silver bullet? Exactly the opposite - I'm worried that it will be treated as a silver bullet. And historically, we've had an amazing amount of pushback againt things that are intrusive and only provide a partial solution.
Attachment:
pgpeQvOcInzvU.pgp
Description: PGP signature
- Follow-Ups:
- References:
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: Casey Schaufler <[email protected]>
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: [email protected] (David Wagner)
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: Pavel Machek <[email protected]>
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: [email protected]
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- From: [email protected] (David Wagner)
- Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Prev by Date: Re: Kernel utf-8 handling
- Next by Date: Re: Kernel utf-8 handling
- Previous by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Next by thread: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
- Index(es):