Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: John Johansen <jjohansen () suse de>
Date: Tue, 11 Apr 2006 14:39:51 -0700

On Thu, Apr 06, 2006 at 11:38:48AM -0400, Brian Eaton wrote:
On 4/5/06, Crispin Cowan <crispin () novell com> wrote:
Pascal Meunier wrote:
 but as you posted an example profile with "capability setuid", I must
admit I am curious as to why an email client needs that.
Well now that is a very good question, but it has nothing to do with
AppArmor. The AppArmor learning mode just records the actions that the
application performs. With or without AppArmor, the Thunderbird mail
client is using cap_setuid. AppArmor gives you the opportunity to *deny*
that capability, so you can try blocking it and find out. But for
documentation on why Thunderbird needs it, you would have to look at
mozilla.org not the AppArmor pages.

Does cap_setuid give a program enough authority to break out of the
AppArmor profile?

No.  AppArmor's profile will confine a process the same no matter what the
uid is (including root).  When a confined program changes its uid the
apparmor profile persists and continues to confine the program the same as
it did under the old uid.

Note that there may be a change in what can be accessed because of DAC
(standard unix permission checking).  DAC permission's are checked before
apparmor's profile so it can be used to reduce permission's to a subset of
what is allowed by the apparmor profile.


Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]