[opensuse-security] AA profiles world readable!?
Hi there, do AppArmor profiles really need to be world readable? Would it hurt to set them to 640 or even 600? Why should user processes need to read AA profiles? If they don't need, they shouldn't in the first place IMHO. I mean, doesn't only AA (=root) need to read them? Thanks
On 2014-08-29 16:05, pinguin74 wrote:
Hi there,
do AppArmor profiles really need to be world readable?
Would it hurt to set them to 640 or even 600?
Why should user processes need to read AA profiles? If they don't need, they shouldn't in the first place IMHO.
I mean, doesn't only AA (=root) need to read them?
No, it needs root to write them. You don't need to hide the information from users, there are no secrets in them. Like fstab: users can read it, too.
--
Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Am 29.08.2014 16:50, schrieb Carlos E. R.:
On 2014-08-29 16:05, pinguin74 wrote:
Hi there,
do AppArmor profiles really need to be world readable?
Would it hurt to set them to 640 or even 600?
Why should user processes need to read AA profiles? If they don't need, they shouldn't in the first place IMHO.
I mean, doesn't only AA (=root) need to read them?
No, it needs root to write them.
You don't need to hide the information from users, there are no secrets in them. Like fstab: users can read it, too.
Well, I think one thing you can learn from attacks is, that attackers always abuse things you never expected they could be abused at all... Thus, disable, delete, remove everything not necessarily needed... Maybe an attacker could read the profiles and then attack another app that seems to him to be secured in a less strict way? I'd like to avoid that by setting profiles to 640 or 600.
On 2014-08-30 16:53, pinguin74 wrote:
Am 29.08.2014 16:50, schrieb Carlos E. R.:
Well, I think one thing you can learn from attacks is, that attackers always abuse things you never expected they could be abused at all... Thus, disable, delete, remove everything not necessarily needed...
They can easily read the profiles from internet, or their own installation. They are published.
Maybe an attacker could read the profiles and then attack another app that seems to him to be secured in a less strict way? I'd like to avoid that by setting profiles to 640 or 600.
It is your system :-) But the attacker can simply probe applications till it/he finds one that gives him access. It is slower than reading the profiles directly, but no big issue to them, if they are interested.
--
Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
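Added example, not part of the thread and not written by any participant: a shell check that treats write access and ownership of the profile directory as the integrity property to enforce, and reports world-readability only as information, so it passes whether profiles are 644, 640 or 600. The function name `audit_profiles` is hypothetical; the script assumes GNU find and stat and the usual `/etc/apparmor.d` location.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU findutils/coreutils.
# Usage: audit_profiles [DIR] [OWNER]
#   DIR   profile directory, default /etc/apparmor.d (assumed location)
#   OWNER expected owner (name or numeric uid), default root
# Returns 0 if nothing is writable by group/other and everything is owned
# by OWNER; returns 1 and prints one FAIL line per offending path otherwise.
audit_profiles() {
    dir=${1:-/etc/apparmor.d}
    owner=${2:-root}
    status=0

    # Integrity: a profile that a non-root user can modify or replace is
    # the real risk, so flag wrong ownership or group/other write bits on
    # both the files and the directories that contain them.
    findings=$(find "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o -perm /022 \) \
        -exec stat -c 'FAIL %a %U %n' {} +)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        status=1
    fi

    # Confidentiality: informational only. Modes 644, 640 and 600 all pass.
    readable=$(find "$dir" -type f -perm -004 | wc -l)
    printf 'INFO %s profile file(s) are world-readable\n' "$readable"

    return "$status"
}
```

Run as `audit_profiles` with no arguments on a live system; a non-zero exit status means at least one profile or directory can be changed by someone other than the expected owner.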