Hello,

On Friday, 4 August 2017, 14:07:17 CEST, Simon McVittie wrote:
> On Thu, 03 Aug 2017 at 17:20:20 -0400, intrigeri wrote:
> > Hi Debian AppArmor team, upstream AppArmor people, people who
> > volunteered to review this text, a few maintainers of packages that
> > include AppArmor policy, and some innocent bystanders!
>
> You have presented the case for enabling AppArmor well, so here is the
> devil's-advocate position: issues with doing so.
>
> > AppArmor confines programs according to a set of rules that specify
> > what operations a given program can access, e.g. it can prevent your
> > PDF reader and video player from accessing your GnuPG secret keys
> > and executing arbitrary code. This proactive approach helps protect
> > the system against both known and unknown vulnerabilities.
>
> Does it, though? To judge the value of AppArmor, I don't think it's
> enough to know how many wrong denials we have (functionality being
> broken by AppArmor): we should also understand how many attacks would
> have been mitigated or prevented by it.
Wrong distribution, but still - it prevented exploiting Sambacry aka
CVE-2017-7494 on openSUSE :-) -
https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00067.html

(BTW: openSUSE has a nice script that updates the samba profile based on
the configured shares, which helped a lot to reduce complaints about the
Samba AppArmor profile.)

Another practical example is Dirtycow - I played with two of the sample
exploits, and AppArmor was able to keep that cow clean ;-)

> My experience has been that updates to lower-level libraries like SDL
> and udev frequently cause me to have to update my profiles, even
> without code changes to what I actually maintain. If they were in
> enforcing mode, functionality would presumably have been lost.

Just curious - can you give some examples (especially the needed profile
changes) for this?

> Games are pretty much the perfect example of something that should
> have AppArmor profiles - their legitimate interactions with user files
> are minimal, and I like to characterise them (not entirely jokingly)
> as basically a series of security flaws joined together by a physics
> engine.

*lol*

Regards,

Christian Boltz
--
The updated behavior seems to be that this is happening on a weekly basis
like clockwork. The problem disappears approximately somewhere between
Wednesday to Saturday each week, only to reappear somewhere approximately
Sunday to Wednesday each week.
[Ton Su in bnc#727586]
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
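The share-driven profile update Christian mentions, as an added example that is not the openSUSE script itself: it parses a constructed smb.conf and emits AppArmor file rules (r for read-only shares, rwk for writable ones) of the kind an admin would put in the smbd profile's local include, so the policy follows the configured shares instead of a hard-coded guess.

```python
import re

# Constructed sample smb.conf (not from the mailing list post).
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user

[pub]
   comment = Public files   ; read only by default
   path = /srv/samba/pub
   read only = yes

[projects]
   path = /srv/samba/my projects
   writeable = yes
# printer shares expose no filesystem path
[printers]
   printable = yes
"""

_SECTION = re.compile(r"^\[(.+?)\]\s*$")

def parse_shares(text):
    """Return {share: {key: value}} for each section that defines a path."""
    shares, current = {}, None
    for raw in text.splitlines():
        # smb.conf comments start with ';' or '#' at line start or after whitespace
        line = re.sub(r"(^|\s)[;#].*$", "", raw).strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            current = m.group(1).strip().lower()
            shares.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        shares[current][key.lower()] = value
    # [global] and path-less sections ([printers], [homes]) get no file rules
    return {n: o for n, o in shares.items() if n != "global" and "path" in o}

def is_writable(opts):
    """Samba semantics, simplified: 'writeable'/'writable' invert 'read only' (default yes)."""
    for k in ("writeable", "writable"):
        if k in opts:
            return opts[k].lower() in ("yes", "true", "1")
    return opts.get("read only", "yes").lower() not in ("yes", "true", "1")

def quote_path(path):
    """AppArmor policy syntax requires double quotes around paths containing whitespace."""
    return f'"{path}"' if re.search(r"\s", path) else path

def generate_rules(text):
    """Emit one read rule for the share root and a glob rule for its contents."""
    lines = []
    for name, opts in parse_shares(text).items():
        base = opts["path"].rstrip("/")
        perms = "rwk" if is_writable(opts) else "r"
        lines.append(f"# share [{name}]")
        lines.append(f"{quote_path(base + '/')} r,")
        lines.append(f"{quote_path(base + '/**')} {perms},")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(generate_rules(SAMPLE_SMB_CONF), end="")
```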
