lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <770093.5988.qm@web36601.mail.mud.yahoo.com>
Date:	Fri, 25 May 2007 12:06:19 -0700 (PDT)
From:	Casey Schaufler <casey@...aufler-ca.com>
To:	Jeremy Maitin-Shepard <jbms@....edu>
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook


--- Jeremy Maitin-Shepard <jbms@....edu> wrote:

> ...
> Well, my point was exactly that App Armor doesn't (as far as I know) do
> anything to enforce the argv[0] convention,

Sounds like an opportunity for improvement then.

> nor would it in general
> prevent a confined program from making a symlink or hard link.  Even
> disregarding that, it seems very fragile in general to make an suid
> program (there would be no point in confining the execution of a
> non-suid program) perform essentially access control based on argv[0].

I think that you're being generous calling it fragile, but that's
my view, and I've seen much worse. I agree that it would be a Bad Idea,
but the fact that I think it's a bad idea is not going to prevent very
many people from trying it, and for those that do try it name based
access control might seem like just the ticket to complete their
nefarious schemes. Remember that security is a subjective thing, and
using argv[0] and AppArmor together might make some people feel better.



Casey Schaufler
casey@...aufler-ca.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ