On Sun, 05 Sep 2021 08:00:51 -0600 Gabe Stanton via Dng <[email protected]> wrote:
> On Sun, 2021-09-05 at 12:54 +0200, tito via Dng wrote: > > Hi, > > I'm not very fond of apparmor for various reasons: > > > > 1) I experienced unexpected behavior of programs > > silently failing to do something (log, run, etc) > > because the apparmor profile was wrong/bugged > > I experienced the same, as my first introduction to AppArmor, and a > couple times more before I did the same as you and purged it. > > > > > 2) unless you study every code path in the program you want to > > supervise the profiles used will not be safe but nobody really > > cares > > (e.g. maintainer adds a profile that works with the default > > setup > > of the distro (....if it really works)) > > This is a great point and probably the biggest reason I remain unsure > about it, combined with the level of permissions it controls, it's like > giving another root-level program access to every bit of processing > that happens. Yes all programs have code that need to be understood to > be trusted, but a program with root-level authority that polices all > other programs....I need to understand that program a lot better, > before trusting it, than I do basically any other program. Maybe there > are flaws in that thinking, but unless I misunderstand the level of > permission and control AppArmor has, I'm right to be weary of it. > > Also, the fact that it comes by default, and is enabled by default, and > has those permissions and capabilities, to me, that's the kind of > program that is likely to be exploited in the future, assuming it's not > exploited now and that the dev's or the project are exploitable one way > or another. The fact that it has such permissions and is enabled by > default, and that it was introduced recently, all of those things > justify suspicion as far as I'm concerned. To my unprofessional but > suspicious eyes, it reminds me of systemd. > > Maybe we're wrong, but until we take the time to look at and understand > every line of code, and get to know the project, it seems far safer to > rely on things like firewalls and other trusted security tools. > > > Gabe > Hi, one stupid question that struck my mind right now could apparmor control itself? could you write an apparmor profile to limit what apparmor is doing? Ciao, Tito _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
