Hello, On Tuesday, 3 November 2015, Johannes Meixner wrote:
On Nov 3 11:50 Claudio Freire wrote (excerpt):
When someone runs as root it can compromise the whole system,
Really in any case?
Of course on a system with only traditional file access permissions root can read all files because for root traditional file access permissions are not tested.
But I wonder if there is perhaps nowadays advanced stuff which could protect user data even from root access?
Well, in theory, you could create an AppArmor profile for rpm. Unfortunately, you'll need to allow it to write files everywhere and also to override traditional file access permissions (capability dac_override) because, well, writing files everywhere is rpm's job, and also installing files which are only readable by a daemon user. You'll also need to allow executing basically everything because of %post etc. scripts. So in practice it's extremely hard to restrict rpm because that would basically mean breaking its functionality. The only thing you could try is to deny access to /home/** - assuming that packages typically should not touch anything there. (I never tried or checked if all packages follow this assumption, and actually never tried to create a profile for rpm. Maybe I should try that "just for fun" before the next zypper dup ;-))
whereas something that runs as a user can only compromise the user.
My argument is that "only compromise the user" is in practice on a usual end-user system the worst case.
The difference is
a) compromise user data
b) compromise user data _and_ compromise the system in a way that the attack can be hidden

so you are right that you'll get the same result for the user data, but at least you have a chance to notice that something interesting[tm] happens ;-)

Regards,

Christian Boltz
--
Do you still need the sig? Because I just stole it ;-) YES!! *phew* I still have it!!! :) [> Christian Boltz and David Haller in suse-linux-faq]
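A sketch of the kind of rpm profile the message describes, as an added illustration that is not a profile from this thread or from openSUSE. The binary path, the profile name and the capabilities other than dac_override are assumptions.

```apparmor
# Added illustration: hypothetical profile, not shipped by any distribution.
#include <tunables/global>

# Assumption: rpm is installed as /usr/bin/rpm.
profile rpm /usr/bin/rpm {
  #include <abstractions/base>

  # Needed to install files that only a daemon user may read
  # (named in the message above).
  capability dac_override,

  # Assumption: setting owner and mode bits on installed files
  # needs these as well; a real profile would likely need more.
  capability chown,
  capability fowner,
  capability fsetid,

  # "Writing files everywhere is rpm's job": read, write, link,
  # lock and mmap on the whole tree. "/**" does not match "/"
  # itself, so the root directory gets its own rule.
  / r,
  # "ix" runs %post and other scriptlets under this same profile,
  # so the deny rule below also applies to whatever they execute.
  /** rwlkmix,

  # The one restriction the message proposes. Deny rules override
  # the allow rule above. Explicit denies are not logged by
  # default; "audit" makes each hit visible in the audit log,
  # which shows whether any package or scriptlet actually
  # touches /home.
  audit deny /home/** rwlkx,
}
```

Reviewing the audit log after a package transaction is one way to check the assumption that packages do not touch /home before relying on the deny rule.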