Re: AppArmor FAQ

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Bernd Eckenfels <ecki@...>

Cc: <linux-kernel@...>

Date: Thursday, April 19, 2007 - 4:19 pm

On Thu, 19 Apr 2007, Bernd Eckenfels wrote:

quoted text> In article <Line.LNX.4.64.0704180935100.25495@d.namei> you wrote:
> > Perhaps -- until your httpd is compromised via a buffer overflow or 
> > simply misbehaves due to a software or configuration flaw, then the 
> > assumptions being made about its use of pathnames and their security 
> > properties are out the window.
> 
> Hu? Even a compromised httpd (especially a compromised httpd) is bound to
> the app armor policies. This means it cannot (for example) write to
> /var/www/* - if it never needed to at normal/profiling time.

This has been addressed several times already, please read the full 
thread.



- James
-- 
James Morris
<jmorris@namei.org>
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

AppArmor FAQ, John Johansen, (Mon Apr 16, 5:33 pm)

Re: AppArmor FAQ, James Morris, (Mon Apr 16, 8:20 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 5:55 pm)

Re: AppArmor FAQ, Rob Meijer, (Wed Apr 18, 3:21 am)

Re: AppArmor FAQ, Joshua Brindle, (Wed Apr 18, 8:15 am)

Re: AppArmor FAQ, Rob Meijer, (Wed Apr 18, 10:05 am)

Re: AppArmor FAQ, Casey Schaufler, (Wed Apr 18, 9:31 am)

Re: AppArmor FAQ, David Lang, (Wed Apr 18, 3:08 am)

Re: AppArmor FAQ, James Morris, (Wed Apr 18, 9:33 am)

Re: AppArmor FAQ, Crispin Cowan, (Tue Apr 17, 6:55 pm)

Re: AppArmor FAQ, Pavel Machek, (Sat Jun 9, 10:11 am)

Re: AppArmor FAQ, David Safford, (Tue Apr 17, 11:03 am)

Re: AppArmor FAQ, Crispin Cowan, (Tue Apr 17, 7:09 pm)

Re: AppArmor FAQ, Stephen Smalley, (Thu Apr 19, 1:56 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 7:20 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 12:00 pm)

Re: AppArmor FAQ, Andi Kleen, (Tue Apr 17, 2:05 pm)

Re: AppArmor FAQ, Stephen Smalley, (Thu Apr 19, 1:46 pm)

Re: AppArmor FAQ, David Lang, (Fri Apr 20, 2:45 pm)

Re: AppArmor FAQ, Karl MacMillan, (Fri Apr 20, 3:23 pm)

Re: AppArmor FAQ, James Morris, (Tue Apr 17, 1:47 pm)

Re: AppArmor FAQ, Andi Kleen, (Tue Apr 17, 2:10 pm)

Re: AppArmor FAQ, Casey Schaufler, (Tue Apr 17, 4:19 pm)

Re: AppArmor FAQ, James Morris, (Tue Apr 17, 4:50 pm)

Re: AppArmor FAQ, Andi Kleen, (Tue Apr 17, 5:16 pm)

Re: AppArmor FAQ, Alan Cox, (Tue Apr 17, 5:58 pm)

Re: AppArmor FAQ, James Morris, (Wed Apr 18, 9:45 am)

Re: AppArmor FAQ, Bernd Eckenfels, (Thu Apr 19, 2:19 pm)

Re: AppArmor FAQ, James Morris, (Thu Apr 19, 4:19 pm)

Re: AppArmor FAQ, Crispin Cowan, (Wed Apr 18, 3:41 pm)

Re: AppArmor FAQ, Pavel Machek, (Sat Jun 9, 5:01 pm)

Re: AppArmor FAQ, , (Sat Jun 9, 5:28 pm)

Re: AppArmor FAQ, Pavel Machek, (Sat Jun 9, 7:02 pm)

Re: AppArmor FAQ, , (Sat Jun 9, 8:06 pm)

Re: AppArmor FAQ, Stephen Smalley, (Thu Apr 19, 1:14 pm)

Re: AppArmor FAQ, David Lang, (Wed Apr 18, 4:15 pm)

Re: AppArmor FAQ, Stephen Smalley, (Thu Apr 19, 1:27 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 5:41 pm)

Re: AppArmor FAQ, Andi Kleen, (Tue Apr 17, 6:12 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 6:29 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 5:48 pm)

Re: AppArmor FAQ, Casey Schaufler, (Tue Apr 17, 7:12 pm)

Re: AppArmor FAQ, Karl MacMillan, (Tue Apr 17, 6:26 pm)


linux-kernel:
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Justin C. Sherrill	Mailing list archive
Ingo Molnar	[patch 08/13] syslets: x86, add move_user_context() method
git:

linux-netdev:
Steven Rostedt	Re: -rt scheduling: wakeup bug?
David Miller	[GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
openbsd-misc:

Re: AppArmor FAQ

Online users