| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue Apr 11 02:59:45 2006 From: crispin at novell.com (Crispin Cowan) Subject: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton wrote: > Does cap_setuid give a program enough authority to break out of the > AppArmor profile? > No, cap_setuid is not sufficient. In fact, being full root is not sufficient to break out of AppArmor confinement. Rood daemons being one of the greatest threats to the system, AppArmor would not be very useful if it could not confine root. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com
Powered by blists - more mailing lists