From: David Wagner cs.berkeley.edu>
Subject:
David Wagner wrote:
...snip...
I still think that ptrace() is not the best way to implement this kind
of security tool, and I think it's entirely understandable that they did
not use ptrace. I do not think it is a fair criticism of AppArmor to sa
Pavel Machek wrote:
> David Wagner wrote:
>> There was no way to follow fork securely.
>
>Actually there is now. I did something similar called subterfugue and
>we solved this one.
Yes, I saw that. I thought subterfugue was neat. The way that
subterfugue was a clever hack -- albeit too clever b
Hi!
> >You can do the same with ptrace. If that's not fast enough... improve
> >ptrace?
>
> I did my Master's thesis on a system called Janus that tried using ptrace
> for this goal. The bottom line is that ptrace sucks for this purpose.
> It is a kludge. It is not the right approach. I do not
I've posted on the subject before, and as noone seemed to truely relate
to the concept I concequently dropped my effords, but as you seem to be half
a step in the general right direction, this may be a good time to bring
it up again.
If instead of 'least privilege' and fat profiles, you would opt
Pavel Machek wrote:
>You can do the same with ptrace. If that's not fast enough... improve
>ptrace?
I did my Master's thesis on a system called Janus that tried using ptrace
for this goal. The bottom line is that ptrace sucks for this purpose.
It is a kludge. It is not the right approach. I do
Hi!
> AppArmor's Overall Design
> =
>
> AppArmor protects systems from vulnerable software by confining
> processes, giving them "least privilege" access to the system's
> resources: with least privilege, processes are allowed exactly what they
> need, nothing more, and no
[EMAIL PROTECTED] wrote:
This post contains patches to include the AppArmor application security
framework, with request for inclusion.
question in general, these seems like a fairly invasive series of
patches. back when I first started graduate school, I prototyped a
relatively simple stack
This post contains patches to include the AppArmor application security
framework, with request for inclusion.
The patch series consists of four areas:
(1) Pass struct vfsmount through to LSM hooks.
Tony Jones has posted almost all of these patches here before on
February 5; the feedb
8 matches
Mail list logo
