Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Stephen Smalley <sds@...>

Cc: Lars Marowsky-Bree <lmb@...>, James Morris <jmorris@...>, Pavel Machek <pavel@...>, Crispin Cowan <crispin@...>, Greg KH <greg@...>, Andreas Gruenbacher <agruen@...>, <jjohansen@...>, <linux-kernel@...>, <linux-security-module@...>, <linux-fsdevel@...>

Subject: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

Date: Friday, June 22, 2007 - 7:34 am

On Friday June 22, sds@tycho.nsa.gov wrote:
quoted text> > 
> > Yes. Your use case is different than mine.
> 
> My use case is being able to protect data reliably.  Yours?

Saying "protect data" is nearly meaningless without a threat model.
I bet you don't try to protect data from a direct nuclear hit, or a
court order.

AA has a fairly clear threat model.  It involves a flaw in a
program being used by an external agent to cause it to use
privileges it would not normally exercise to subvert privacy or
integrity.
I think this model matches a lot of real threats that real sysadmins
have real concerns about.  I believe that the design of AA addresses
this model quite well. 

What is your threat model?  Maybe it is just different.

NeilBrown
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Neil Brown, (Fri Jun 22, 7:34 am)

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulat..., Stephen Smalley, (Fri Jun 22, 7:48 am)


linux-kernel:
Eric Paris	[RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Chris Mason	Btrfs v0.16 released
git:
Michael Hendricks	removing content from git history
Jakub Narebski	Re: VCS comparison table
Ken Pratt	pack operation is thrashing my server
Aubrey Li	git proxy issue
openbsd-misc:
Kevin Neff	Patching a SSH 'Weakness'
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Theo de Raadt	Re: dmesg IBM x3650 OpenBSD 4.3
F. Caulier	[Perl/locales] Warning about locales
linux-netdev:
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
Jens Axboe	Re: [BUG] New Kernel Bugs
Rémi	[PATCH 0/6] [RFC] Phonet pipes protocol (v2)
Oliver Hartkopp	Re: [RFC] Patch to option HSO driver to the kernel


Treason Uncloaked	2 hours ago	Linux kernel
Shared swap partition	13 hours ago	Linux general
high memory	2 days ago	Linux kernel
semaphore access speed	2 days ago	Applications and Utilities
the kernel how to power off the machine	2 days ago	Linux kernel
Easter Eggs in windows XP	2 days ago	Windows
Root password	2 days ago	Linux general
Where/when DNOTIFY is used?	2 days ago	Linux kernel
How to convert Linux Kernel built-in module into a loadable module	2 days ago	Linux kernel
Linux 2.6.24 and I/O schedulers	2 days ago	Linux kernel

Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching

Online users