Jacob Appelbaum wrote (08 Oct 2014 12:19:57 GMT) :
> What are the parameters you'd like to be tested? That is - what would
> count as a bug? Do we have a security model of what should be readable
> by a given app? Or writable by a given app?

We don't have any such thing specified yet. The idea was to get *some*
minimal AppArmor support in and working first, so this call for
testing is more about whether I broke anything, than about checking
that the AppArmor profiles are actually efficient security-wise.

However, don't hesitate moving forward and trying to escape the
confinement profiles to access things we clearly don't want to allow,
e.g.:

 * none of these applications should be allowed to access files in
   ~/.{gnupg,ssh}/
 * especially, file access via alternate paths specific to Debian Live
   systems, e.g.
   /live/persistence/TailsData_unlocked/{gnupg,openssh-client}
   ... should be tested

:)

Cheers,
-- 
intrigeri
_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
[email protected].

Reply via email to