Mailinglist Archive: opensuse-factory (956 mails)

< Previous Next >
Re: [opensuse-factory] 12.1 beta, apparmor not installed automatically
  • From: Claudio Freire <klaussfreire@xxxxxxxxx>
  • Date: Fri, 7 Oct 2011 11:27:08 -0300
  • Message-id: <CAGTBQpaRBeaXp4sMJssJX+WJi=xu-O0Z3+PgSh42Zv4rGMV5bg@mail.gmail.com>
On Fri, Oct 7, 2011 at 8:28 AM, Christian Boltz <opensuse@xxxxxxxxx> wrote:
Basically all programs with a "save as..." menu item are impossible to
profile because you never know where a user wants to store his files.
Well, you could allow write access everywhere, but that doesn't really
bring a security improvement.

There is an option, though, which is explicitly prohibit access to
sensitive files.
Like /etc/shadow, ~/.ssh, etc etc...

It would stop many attack vectors.

Of course, research would be needed to find out which attack vectors
use which files, to make sure the profile is useful.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >