| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f5mn67$4d4$2@taverner.cs.berkeley.edu> Date: Sun, 24 Jun 2007 21:20:07 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching James Morris wrote: >The point is that the pathname model does not generalize, and that >AppArmor's inability to provide adequate coverage of the system is a >design issue arising from this. I don't see it. I don't see why you call this a design issue. Isn't this just a case where they haven't gotten around to implementing network and IPC mediation yet? How is that a design issue arising from a pathname-based model? For instance, one system I built (Janus) provided complete mediation, including mediation of network and IPC, yet it too used a pathname model for its policy file when describing the policy for the filesystem. That seems to contradict your statement. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists