Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Lars Marowsky-Bree
Date: Mon Apr 24 2006 - 04:10:41 EST

Next message: Lars Marowsky-Bree: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Previous message: Pavel Machek: "Re: [PATCH] off-by-1 in kernel/power/main.c"
In reply to: Arjan van de Ven: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Seth Arnold: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2006-04-24T09:14:58, Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:

> does apparmor at least (offer) to kill the app when this happens?
> (rationale: the app is hijacked, better kill it before it goes to do
> damage)

Heh, that was just my question to Crispin this morning, because that's
what I'd prefer too.

Not just for security, but simply because experience shows that error
paths are not well auditted in general; even if it doesn't cause
privilege escalation, I prefer if it doesn't shred the data it is
allowed to access by hitting a misconfiguration in my profile...

--
High Availability & Clustering
SUSE Labs, Research and Development
SUSE LINUX Products GmbH - A Novell Business -- Charles Darwin
"Ignorance more frequently begets confidence than does knowledge"

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lars Marowsky-Bree: "Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks"
Previous message: Pavel Machek: "Re: [PATCH] off-by-1 in kernel/power/main.c"
In reply to: Arjan van de Ven: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Seth Arnold: "Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]