On Wed, 09 Jul 2008 22:39:48 +0200, Anders Johansson wrote:
On Wednesday 09 July 2008 20:57:29 Jim Henderson wrote:
Because just like Antivirus on Linux, the only thing that AppArmor is doing is preventing a user-initiated program from making changes to the system; changes that wouldn't happen if the user were being smart.
AppArmor primarily exists to protect servers. It has nothing whatever in common with anti-virus programs.
Sure it does - both have the job of protecting the system from harm caused by malicious code. They use different methods - and I fully agree that AppArmor does a *better* job because it defines behaviours rather than specific code signatures. If I could use AppArmor to protect my *documents* from being changed without my knowledge, that'd be great. That'd solve the problem entirely.
Servers generally don't need user input to do something, they wouldn't scale very well if they did - this is why they need extra protection.
So we just continue with assuming that all Linux users are smart enough to not do something stupid to their system?
If Apache required the sysadmin to confirm each and every GET or POST, then we would never have any issue with defacements, and AppArmor would not be needed, you are correct.
That's exactly my point. If "we" require users to confirm every single file open/read/write operation is happening in accordance with expected behaviours of a program, then we make the user less efficient. With the power of today's machines, is even a 5% performance hit even worth worrying about in *most* applications?

Jim
--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits