Message-ID: <467B45E0.3040207@manicmethod.com>
Date: Thu, 21 Jun 2007 23:45:36 -0400
From: Joshua Brindle <method@...icmethod.com>
To: david@...g.hm
CC: Lars Marowsky-Bree <lmb@...e.de>,
Stephen Smalley <sds@...ho.nsa.gov>,
James Morris <jmorris@...ei.org>, Pavel Machek <pavel@....cz>,
Crispin Cowan <crispin@...ell.com>, Greg KH <greg@...ah.com>,
Andreas Gruenbacher <agruen@...e.de>, jjohansen@...e.de,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation,
pathname matching
david@...g.hm wrote:
> On Thu, 21 Jun 2007, Joshua Brindle wrote:
>
>> Lars Marowsky-Bree wrote:
>>> On 2007-06-21T16:59:54, Stephen Smalley <sds@...ho.nsa.gov> wrote:
>>> <snip>
>>>
>>>
>>> > Um, no. It might not be able to directly open files via that path, but
>>> > showing that it can never read or write your mail is a rather different
>>> > matter.
>>> >
>>> Yes. Your use case is different than mine.
>>>
>>
>> So.. your use case is what? If an AA user asked you to protect his
>> mail from his browser I'm sure you'd truthfully answer "no, we can't
>> do that but we can protect the path to your mail from your browser"..
>> I think not. One need only look at the wonderful marketing literature
>> for AA to see what you are telling people it can do, and your above
>> statement isn't consistent with that, sorry.
>
> remember, the policies define a white-list
>
Except for unconfined processes.
> so if a hacker wants to have mozilla access the mail files he needs to
> get some other process on the system to create a link or move a file
> to a path that mozilla does have access to. until that is done there
> is no way for mozilla to access the mail through the filesystem.
>
> other programs could be run that would give mozilla access to the mail
> contents, but it would be through some other path that the policy
> permitted mozilla accessing in the first place.
>
Or through IPC or the network, that is the point, filesystem-only
coverage doesn't cut it; there is no way to say the browser can't access
the user's mail in AA, and there never will be.