Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: James Carter
Date: Tue Apr 25 2006 - 08:42:12 EST


On Tue, 2006-04-25 at 18:10 +1000, Neil Brown wrote:
> I have a knife with which to eat my dinner, but the moment I move
> it more than 10cm from my plate, a robotic hand reaches out and
> immobilises my hand and hence the knife. Who is being protected?
>
> Not me I guess, because the sinful desire to kill has already taken
> over my brain, though maybe I am being protected from life in prison
> for murder.
>
> Not you because you could still come and jump onto my knife and impale
> yourself, or someone could grab your arm and drag your wrist along the
> blade spilling much of your blood.
>
> So maybe nobody is being protected. But somehow, fewer people die
> when the robot arm is active.
>
> This is how AppArmor works. It doesn't try to guarantee that no file
> will be corrupted or leak. It doesn't try to ensure that no bug can ever
> be exploited. But it does try to minimise harm. And it succeeds.
>
> And remember, the robot didn't grab the knife. It grabbed my hand.
> That is a bit like checking pathnames rather than inodes. It doesn't
> provide a guarantee of "knife will not enter a body" just as AppArmor
> doesn't guarantee that "file will not be changed". But it still tends
> to produce the desired result.

I talk to one of the unconfined people at the table and ask them to
rename the "knife" to "spoon". Now I am free to do what I wish.

You don't care about the name "knife", you care about the object it
represents.

--
James Carter <jwcart2@xxxxxxxxxxxxxx>
National Security Agency
