AppArmor sounds like an excellent alternative to creating a VMWare image for every application you want to run but distrust, although I can think of cases where a VMWare image would be safer. For example, the installer/uninstaller may have vulnerabilities, may be "dirty" (it causes problems by modifying things that affect other applications, or doesn't clean up correctly), or phones home, etc. I guess you could make a profile for the installer as well (I'm not very enthusiastic about that idea though). Also, I suspect that what you need to allow in some profiles is possibly sufficient to enable "some level" of malicious activity. It's regrettable that it is only available for Suse Linux.
Perhaps one of the AppArmor mailing lists would be more appropriate to ask this, but as you posted an example profile with "capability setuid", I must admit I am curious as to why an email client needs that. I tried looking up relevant documentation on the Novell site, but it seems I was unlucky and tried during a maintenance period because pages were loading erratically. I finally got to the "3.0 Building Novell AppArmor Profiles" page but it was empty. I would appreciate receiving more information about it. I am also interested in the "Linux Security Modules Interface".

Regards,
Pascal Meunier

On 4/2/06 6:49 PM, "Crispin Cowan" <[EMAIL PROTECTED]> wrote:

> This is exactly what AppArmor <http://en.opensuse.org/Apparmor> was
> designed for: conveniently confining applications to only be able to do
> what they need to do. Application's least privilege.
>
> I am running this mail client (Thunderbird) from within a "sandbox" (we
> call it a "profile"). I have attached this policy, which should be
> pretty self-explanatory.
>

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
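For readers who have not seen one, here is an added example of the kind of AppArmor profile the thread is discussing. It is not the policy Crispin attached (that attachment is not reproduced here) and it is not from any project; it confines a hypothetical mail client at /usr/bin/example-mailer, and the path, config file and directory names are assumptions. AppArmor profiles are allow-lists: anything not granted is denied, so the point of reviewing one is to ask, for every line, whether the application really needs it. A `capability` line is the kind of grant that deserves that question, because it hands the confined process a kernel capability (here setuid, the one Pascal asks about) rather than just access to a path.

```apparmor
# Added example profile for a hypothetical mail client (not the profile from the thread).
# Install as /etc/apparmor.d/usr.bin.example-mailer and load with apparmor_parser.
#include <tunables/global>

/usr/bin/example-mailer {
  # Shared abstractions: shared libraries, locale data, DNS and passwd lookups, /tmp use.
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  # Kernel capability grant. This is the line to justify during review:
  # with setuid the process may change its user id, which a mail client
  # would normally not need. Remove it unless a concrete reason is documented.
  capability setuid,

  # Network: the client talks IMAP/SMTP over TCP; no raw sockets, no packet capture.
  network inet stream,
  network inet6 stream,

  # The program itself: map as executable, read-only.
  /usr/bin/example-mailer mr,

  # Read-only system configuration (assumed path).
  /etc/example-mailer.conf r,

  # The user's own mail store and settings, only if owned by the invoking user.
  owner @{HOME}/.example-mailer/ rw,
  owner @{HOME}/.example-mailer/** rwk,

  # Attachments the user saves or opens.
  owner @{HOME}/Downloads/** rw,

  # Explicitly refuse secrets the application has no business reading,
  # and log the attempt so a compromised client is visible in the audit log.
  audit deny @{HOME}/.ssh/** mrwkl,
  audit deny @{HOME}/.gnupg/** mrwkl,
}
```

Loading the profile with `apparmor_parser -r` applies it in enforce mode; `aa-complain /usr/bin/example-mailer` switches it to complain mode, where violations are only logged, which is the usual way to discover what an application actually touches before tightening the rules. Everything not listed (other users' home directories, /etc beyond the one config file, executing other binaries) is denied by default, which is what makes the profile, rather than the VMWare image, the unit of confinement.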