| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Nov 2007 22:04:55 +0000 From: "Dr. David Alan Gilbert" <linux@...blig.org> To: Crispin Cowan <crispin@...spincowan.com> Cc: Arjan van de Ven <arjan@...radead.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, LSM ML <linux-security-module@...r.kernel.org>, apparmor-dev <apparmor-dev@...ge.novell.com> Subject: Re: AppArmor Security Goal * Crispin Cowan (crispin@...spincowan.com) wrote: <snip> > * Manipulating AppArmor policy requires being both root privileged > and not being confined by AppArmor, thus there is explicitly no > capability for non-privileged users to change AppArmor policy. It's a pity that there is no way to do this; it would be nice to restrict web browsers, document editors etc but allow them to access the places you commonly store documents etc. Similarly I'd like to be able to split applications so that the 'preferences' editing facilities are done by separate envrionments so that there is no way that a fault in parsing external data could edit the config (e.g. change home page or proxy in a browser or default document in an editor). Dave -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux on Alpha,68K| Happy \ \ gro.gilbert @ treblig.org | MIPS,x86,ARM,SPARC,PPC & HPPA | In Hex / \ _________________________|_____ http://www.treblig.org |_______/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists