login
Header Space

 
 

Re: AppArmor Security Goal

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: Dr. David Alan Gilbert <linux@...>
Cc: Arjan van de Ven <arjan@...>, Linux Kernel Mailing List <linux-kernel@...>, LSM ML <linux-security-module@...>, apparmor-dev <apparmor-dev@...>
Date: Monday, November 12, 2007 - 7:50 pm

Dr. David Alan Gilbert wrote:
Because it is easier to solve if there is only one non-privileged user:
you just give them privilege (fun with chmod and sudo) to edit the
system policies, and you're done (assuming you are happy allowing the
non-privileged user to edit policy at all).

If there are lots of non-privileged users sharing a computer, then I
submit that solutions are either insecure, intractable, or purely
restrictive.

Ok, I can see where that would be useful in theory. But solving it is
VERY hard in practice, and AppArmor is not attempting to address this
problem of user extensibility of mandatory access controls.

Crispin

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin
CEO, Mercenary Linux		   http://mercenarylinux.com/
	       Itanium. Vista. GPLv3. Complexity at work

-
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
AppArmor Security Goal, Crispin Cowan, (Thu Nov 8, 5:33 pm)
Re: AppArmor Security Goal, Andi Kleen, (Sat Nov 10, 5:04 pm)
Re: AppArmor Security Goal, , (Sat Nov 10, 5:28 pm)
Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:36 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 5:24 pm)
Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:23 pm)
Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 6:04 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 6:11 pm)
Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 6:24 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 6:41 pm)
Re: AppArmor Security Goal, Casey Schaufler, (Sat Nov 10, 10:17 pm)
Re: AppArmor Security Goal, Joshua Brindle, (Mon Nov 12, 8:10 pm)
Re: AppArmor Security Goal, Casey Schaufler, (Tue Nov 13, 12:58 am)
Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:55 pm)
Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 7:25 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 7:50 pm)
Re: AppArmor Security Goal, John Johansen, (Mon Nov 12, 9:20 pm)
Re: AppArmor Security Goal, Rogelio M. Serrano Jr., (Sun Nov 11, 3:02 am)
Re: AppArmor Security Goal, , (Sat Nov 10, 7:52 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 8:13 pm)
Re: AppArmor Security Goal, John Johansen, (Sun Nov 11, 12:17 am)
Re: AppArmor Security Goal, , (Sun Nov 11, 12:50 am)
Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 7:56 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Mon Nov 12, 7:58 pm)
Re: AppArmor Security Goal, , (Sat Nov 10, 9:27 pm)
Re: AppArmor Security Goal, John Johansen, (Sat Nov 10, 11:59 pm)
Re: AppArmor Security Goal, Dr. David Alan Gilbert, (Sat Nov 10, 7:47 pm)
Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 6:57 pm)
Re: AppArmor Security Goal, Crispin Cowan, (Sat Nov 10, 7:14 pm)
Re: AppArmor Security Goal, Alan Cox, (Sat Nov 10, 7:54 pm)
speck-geostationary