Mailinglist Archive: opensuse-factory (956 mails)

< Previous Next >
Re: [opensuse-factory] 12.1 beta, apparmor not installed automatically
  • From: Claudio Freire <klaussfreire@xxxxxxxxx>
  • Date: Fri, 7 Oct 2011 11:27:08 -0300
  • Message-id: <>
On Fri, Oct 7, 2011 at 8:28 AM, Christian Boltz <opensuse@xxxxxxxxx> wrote:
Basically all programs with a "save as..." menu item are impossible to
profile because you never know where a user wants to store his files.
Well, you could allow write access everywhere, but that doesn't really
bring a security improvement.

There is an option, though, which is explicitly prohibit access to
sensitive files.
Like /etc/shadow, ~/.ssh, etc etc...

It would stop many attack vectors.

Of course, research would be needed to find out which attack vectors
use which files, to make sure the profile is useful.
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >