David Wagner wrote:
James Morris wrote:
[...] you can change the behavior of the application and then bypass
policy entirely by utilizing any mechanism other than direct filesystem
access: IPC, shared memory, Unix domain sockets, local IP networking,
remote networking etc.
On Thu, 19 Apr 2007, Stephen Smalley wrote:
already happened to integrate such support into userland.
To look at it in a slightly different way, the AA emphasis on not
modifying applications could be viewed as a limitation. Ultimately,
users have security goals that go beyond just what the OS
On Wed, 2007-04-18 at 12:41 -0700, Crispin Cowan wrote:
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something
On Tue, 2007-04-17 at 20:05 +0200, Andi Kleen wrote:
Karl MacMillan [EMAIL PROTECTED] writes:
No - the real fix is to change the applications or to run under a policy
that confines all applications. Most of the problems with resolv.conf,
mtab, etc. stem from admin processes (e.g.,
On Tue, 2007-04-17 at 16:09 -0700, Crispin Cowan wrote:
David Safford wrote:
On Mon, 2007-04-16 at 20:20 -0400, James Morris wrote:
On Mon, 16 Apr 2007, John Johansen wrote:
Label-based security (exemplified by SELinux, and its predecessors in
MLS systems) attaches security
--- Joshua Brindle [EMAIL PROTECTED] wrote:
Biba and BLP are only incompatible if they are using the same label, if
each object has a confidentiality and integrity label they work fine
together
Joshua is correct here, although the original Biba observation was
that flipping BLP upside
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be possible to configure to be very secure.
On Wed, April 18, 2007 14:15, Joshua Brindle wrote:
Having said that, I feel a path based solution could have great
potential
if it could be used in conjunction with the object capability model,
that
I would consider a simple and practical alternative integrity model that
does not require
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be possible to configure to be
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be possible to configure
On Wed, 18 Apr 2007, Crispin Cowan wrote:
Please explain why labels are necessary for effective confinement. Many
systems besides AppArmor have used non-label schemes for effective
confinement: TRON, Janus, LIDS, Systrace, BSD Jail, EROS, PSOS, KeyOS,
AS400, to name just a few. This claim seems
On Wed, 18 Apr 2007, James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play with and hack on and may
be
On Wed, 18 Apr 2007, Crispin Cowan wrote:
James Morris wrote:
On Tue, 17 Apr 2007, Alan Cox wrote:
I'm not sure if AppArmor can be made good security for the general case,
but it is a model that works in the limited http environment
(eg .htaccess) and is something people can play
Karl MacMillan [EMAIL PROTECTED] writes:
No - the real fix is to change the applications or to run under a policy
that confines all applications. Most of the problems with resolv.conf,
mtab, etc. stem from admin processes (e.g., editors or shell scripts)
all running under the same unconfined
On Tue, Apr 17, 2007 at 01:47:39PM -0400, James Morris wrote:
Normal applications need zero modification under SELinux.
Some applications which manage security may need to be made SELinux-aware,
Anything that can touch /etc/resolv.conf? That's potentially a lot of binaries
if you consider
On Tue, 17 Apr 2007, Casey Schaufler wrote:
those names it cares about. SELinux in the absence of a correct and
complete policy could be considered dangerous.
It should be noted that SELinux is only recommended as an addition to DAC,
not a replacement, so that it can only further restrict
For SELinux to be effective it has to have a complete policy definition.
This would prevent the OpenOffice access (unless OpenOffice is in the
modify_resolv_conf_t domain) above.
This would mean no fully functional root user anymore. My understanding
is rather that at least in the Fedora
On Tue, 2007-04-17 at 23:16 +0200, Andi Kleen wrote:
For SELinux to be effective it has to have a complete policy definition.
This would prevent the OpenOffice access (unless OpenOffice is in the
modify_resolv_conf_t domain) above.
This would mean no fully functional root user anymore. My
Karl MacMillan wrote:
On Mon, 2007-04-16 at 20:20 -0400, James Morris wrote:
On Mon, 16 Apr 2007, John Johansen wrote:
Label-based security (exemplified by SELinux, and its predecessors in
MLS systems) attaches security policy to the data. As the data flows
through the system, the
David Safford wrote:
On Mon, 2007-04-16 at 20:20 -0400, James Morris wrote:
On Mon, 16 Apr 2007, John Johansen wrote:
Label-based security (exemplified by SELinux, and its predecessors in
MLS systems) attaches security policy to the data. As the data flows
through the system, the
On Tue, 2007-04-17 at 16:09 -0700, Crispin Cowan wrote:
David Safford wrote:
On Mon, 2007-04-16 at 20:20 -0400, James Morris wrote:
snip
The meaning of a file is how other processes interpret it. Until then,
/etc/resolv.conf is just a quaint bag of bits. What makes it special is
Here we present our direct responses to the most frequent questions from
the AppArmor from the 2006 post.
Use of Pathnames For Access Control
---
Some people in the security field believe that pathnames are an
inappropriate security mechanism. This depends on
22 matches
Mail list logo