Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: Crispin Cowan <crispin () novell com>
Date: Mon, 10 Apr 2006 16:28:23 -0700

Brian Eaton wrote:
Does cap_setuid give a program enough authority to break out of the
AppArmor profile?
  
No, cap_setuid is not sufficient. In fact, being full root is not
sufficient to break out of AppArmor confinement. Rood daemons being one
of the greatest threats to the system, AppArmor would not be very useful
if it could not confine root.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]