Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure: Re: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

Re: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

From: Crispin Cowan <crispin_at_novell.com>
Date: Mon, 10 Apr 2006 16:28:23 -0700

Brian Eaton wrote:
> Does cap_setuid give a program enough authority to break out of the
> AppArmor profile?
>
No, cap_setuid is not sufficient. In fact, being full root is not
sufficient to break out of AppArmor confinement. Rood daemons being one
of the greatest threats to the system, AppArmor would not be very useful
if it could not confine root.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Received on Apr 10 2006

This message: [ Message body ]
Next message: 0o_zeus_o0 elitemexico.org: "JetPhoto Multiple Cross-Site Scripting Vulnerabilitie"
Previous message: Alvaro Olavarria: "Dokeos 1.6.4 SQL Injection Vulnerability"
Maybe in reply to: Seth Arnold: "Re: [Apparmor-dev] Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions:Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]