Alan Cox wrote:
It is funny that I read this question when I was going to look at
AppArmor myself.
I read an article about AppArmor finding that Skype on Linux reads
/etc/passwd and firefox settings today. Did Selinux stop this from
happening as well?
http://forum.skype.com/index.php?showtopic=95261
I like SELINUX and will continue using it.
The passwd file isn't considered secret in any way. Its public readable
data. The /etc/shadow file holds passwords and is root only.
You can certainly set skype up not to be allowed anywhere near your
firefox settings (my guess is its looking for an address book to import
or plugin data nothing too sinister).
The problem with stuff like apparmor is you can say things like
"/etc/passwd" is not accessible to program XYZ. But program XYZ can then
do things to access it via another path (eg by renaming a copy of itself
".eric" and adding that to your .profile). SELinux puts labels on actual
objects, not on paths so renaming itself .eric doesn't help, nor does
finding another path to /etc/passwd (eg by running a program to create a
link).
What happens when you use an editor on some file that is supposed to be
protected, and the editor renames the old file and creates a new one
with the old contents and your changes? Wouldn't the SELinux approach
protect only the old copy?
--
Les Mikesell
lesmikesell@xxxxxxxxx
