Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview

From: Ken Brush
Date: Wed Apr 26 2006 - 19:06:16 EST

Next message: Dan Smith: "Re: [dm-devel] [RFC] dm-userspace"
Previous message: Mark Lord: "Re: [PATCH] drivers/scsi/sd.c: fix uninitialized variable in handlingmedium errors"
In reply to: Neil Brown: "Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Andi Kleen: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/26/06, Neil Brown <neilb@xxxxxxx> wrote:
>
> I feel we have reached the stage where the questions/comments being
> made are actually directly relevant to AppArmor. I'm afraid I cannot
> proceed any further now because I am not a security expert.
>
> I would like to summarise what I think are the key points that you
> have raised, and hope that someone who has a deeper understanding of
> these things might answer them, or point to answers.
>
> 1/ Does AppArmor's primary mechanism of confining an application to a
> superset of it's expected behaviour actually achieve its secondary
> gaol of protecting data?
>
> Possibly it would be better to ask "When does ..." as I think it is
> easy to imagine application/profile pairs that clearly cannot allow
> harm, and application/profile pairs that clearly could allow harm.

Depends on the data. A properly constrained Apache webserver would be
prevented from accessing data it shouldn't.

> 2/ What advantages does AppArmor provide over techniques involving
> virtualisation or gaol mechanisms? Are these advantages worth
> while?

If you just wish to run every application in a chrooted jail. Would
you still need a MAC solution?

> 3/ Is AppArmour's approach of using d_path to get a filename from a
> dentry valid and acceptable? If not, how can it get a path? Can
> suitable hooks be provided so that AppArmor can get a path in an
> acceptable way at the times when that is meaningful?

I'll leave this for the others...

> I believe that these are all good questions. The last one is the only
> one that it really relevant to linux-kernel I believe, however answers
> to the first two might tell us how important it is to answer that last
> one.
>
> Thanks for your input.
>
> NeilBrown
>
[snipped]

-Ken
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Smith: "Re: [dm-devel] [RFC] dm-userspace"
Previous message: Mark Lord: "Re: [PATCH] drivers/scsi/sd.c: fix uninitialized variable in handlingmedium errors"
In reply to: Neil Brown: "Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Next in thread: Andi Kleen: "Re: Some Concrete AppArmor Questions - was Re: [RFC][PATCH 0/11] security: AppArmor - Overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]