Re: [RFC][PATCH 0/11] security: AppArmor - Overview

[Joshua Brindle]

On Thu, 2006-04-20 at 08:17 -0400, Stephen Smalley wrote:
> On Wed, 2006-04-19 at 10:49 -0700, Tony Jones wrote: 
> > AppArmor is an LSM security enhancement for the Linux kernel. The
> > primary goal of AppArmor is to make it easy for a system administrator
> > to control application behavior, enforcing that the application has
> > access to only the files and POSIX.1e draft capabilities it requires to
> > do its job. AppArmor deliberately uses this simple access control model
> > to make it as easy as possible for the administrator to manage the
> > policy, because the worst security of all is that which is never
> > deployed because it was too hard.
> 
> The worst security is that which doesn't do what it claims to do, giving
> a false sense of security.  Which is precisely the problem with
> path-based access control; it makes the user think that he is protecting
> a given object, when in fact the object may be accessible by another
> means.

I've compiled a list of security related issues with path based access
control at
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-path-based-access-control/

I intentionally avoided specific implementations and OS related issues
to focus on the security aspects. Note that not all path based access
control implementations are subject to all these problems but some are
common to all.

Joshua Brindle

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/