Boyan Tabakov wrote:
True! These techniques combined offer great flexibility that does not sacrifice security. In my particular case, however, the command being executed should not be subject to 'twisting' of its normal behavior. What is the command? Or is it privately developed? Or secret?
If privately developed, you are assuming that your developers write perfect code. If it is just secret to not give attackers a head start, well, ok, because "security through obscurity", while lame, actually does work on an ad hoc one-shot basis. It just falls apart when scaled up to where everyone uses it.
Also, AppArmor is not around when you don't have SuSE...
AppArmor ports are available for Slackware, Ubuntu, Gentoo, and Pardus Linux. I would love to have ports & maintainers for other distros as well, precisely so that you can use AppArmor any where you want. Ports are especially needed for Debian proper (should be an easy port from Ubuntu or Gentoo) and Red Hat. Which distro were you needing it on? Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Hacking is exploiting the gap between "intent" and "implementation" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org