https://bugzilla.novell.com/show_bug.cgi?id=724829

https://bugzilla.novell.com/show_bug.cgi?id=724829#c6

Ludwig Nussel <lnussel@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|security-team@suse.de       |

--- Comment #6 from Ludwig Nussel <lnussel@suse.com> 2011-11-15 15:54:06 CET ---

AppArmor helps in cases where the confined application suddenly tries to access files it doesn't need during normal operation, such as trying to exec /bin/sh due to trying to mount an attack.

I cannot present bold real world success stories but then I am not a marketing guy trying to sell AppArmor. I am confident that a process confined in an appropriate profile presents at least additional barriers to attackers that give us time until we are able to release real fixes. Similar to how we use other defensive measurements like ASLR, stack protector etc.

Like any piece of software, AppArmor is not immune to bugs. It's not broken by design though. Also, AppArmor cannot defend against too permissive/broken or simply missing profiles of course.

In order to make it useful in the default installation, AppArmor of course needs to ship with profiles that actually apply to services in the default installation.
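As an added illustration, not part of the bug comment or of AppArmor itself: a small triage script that reads AppArmor audit records and separates blocked shell executions from other denials, the kind of event the comment describes a profile catching. The profile name /usr/sbin/exampled, the sample records and the list of shell paths are constructed assumptions.

```python
import re

# Constructed sample audit records (not from the bug report); the profile
# /usr/sbin/exampled and all pids/timestamps are hypothetical.
SAMPLE_LOG = '''\
type=AVC msg=audit(1321368846.101:210): apparmor="ALLOWED" operation="open" profile="/usr/sbin/exampled" name="/etc/exampled.conf" pid=4242 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1321368850.347:211): apparmor="DENIED" operation="exec" profile="/usr/sbin/exampled" name="/bin/sh" pid=4242 comm="exampled" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1321368851.002:212): apparmor="DENIED" operation="open" profile="/usr/sbin/exampled" name="/etc/shadow" pid=4242 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1321368852.000:213): arch=c000003e syscall=2 success=yes exit=3 pid=1 comm="init"
'''

# key=value pairs; values are either double-quoted or a run of non-space chars.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed list of shell binaries worth escalating when a service tries to run them.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash"}


def parse_record(line):
    """Return the key=value fields of one audit line as a dict."""
    return {key: quoted if quoted else bare for key, quoted, bare in FIELD.findall(line)}


def denials(log):
    """Yield parsed AppArmor records whose verdict is DENIED."""
    for line in log.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") == "DENIED":
            yield rec


def triage(log):
    """Group denials by profile; blocked shell exec goes in 'high', the rest in 'other'."""
    report = {}
    for rec in denials(log):
        entry = report.setdefault(rec.get("profile", "?"), {"high": [], "other": []})
        shell_exec = rec.get("operation") == "exec" and rec.get("name") in SHELLS
        entry["high" if shell_exec else "other"].append((rec.get("operation"), rec.get("name")))
    return report


if __name__ == "__main__":
    for profile, hits in triage(SAMPLE_LOG).items():
        print(profile, hits)
```

Records with verdict ALLOWED come from profiles in complain mode and are skipped here; on a real host they show what an enforcing profile would have blocked.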