Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM hook
From: Pavel Machek
Date: Fri Jun 08 2007 - 16:34:58 EST
(Please preserve cc lists when replying on l-k).
> >Experience over on the Windows side of the fence indicates that "remote bad
> >guys get some local user first" is a *MAJOR* part of the current real-world
> >threat model - the vast majority of successful attacks on end-user boxes these
> >days start off with either "Get user to (click on link|open attachment)" or
> >"Subvert the path to a website (either by hacking the real site or hijacking
> >the DNS) and deliver a drive-by fruiting when the user visits the page".
> AppArmor isn't trying to defend everyday users from getting phished or
> social engineered; it is trying to protect servers from getting rooted
> because of security holes in their network daemons. I find that a
> laudable goal. Sure, it doesn't solve every security problem in the
> world, but so what? A tool that could solve that one security problem
AA solves less problems than SELinux does. Some people like AA more,
but I guess they should just learn SELinux.
And yes, I'm afraid this discussion is relevant on l-k, because we
should have very good reasons before merging duplicate functionality.
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/