lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 8 Jun 2007 20:24:01 +0000
From:	Pavel Machek <pavel@....cz>
To:	David Wagner <daw-usenet@...erner.cs.berkeley.edu>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook

Hi!

(Please preserve cc lists when replying on l-k).

> >Experience over on the Windows side of the fence indicates that "remote bad
> >guys get some local user first" is a *MAJOR* part of the current real-world
> >threat model - the vast majority of successful attacks on end-user boxes these
> >days start off with either "Get user to (click on link|open attachment)" or
> >"Subvert the path to a website (either by hacking the real site or hijacking
> >the DNS) and deliver a drive-by fruiting when the user visits the page".
> 
> AppArmor isn't trying to defend everyday users from getting phished or
> social engineered; it is trying to protect servers from getting rooted
> because of security holes in their network daemons.  I find that a
> laudable goal.  Sure, it doesn't solve every security problem in the
> world, but so what?  A tool that could solve that one security problem

AA solves less problems than SELinux does. Some people like AA more,
but I guess they should just learn SELinux.

And yes, I'm afraid this discussion is relevant on l-k, because we
should have very good reasons before merging duplicate functionality.

							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists