30 May 2016, 11:39
On 2016-05-30 11:25, Johannes Meixner wrote:
> I wonder how AppArmor (or any external tool) could know whether or not an application reads or writes files unnoticed versus via an explicit user confirmation dialog?
It is a very good point you mention. Suppose LibreOffice is configured so that it can only open files in ~/Documents. Now suppose LibreOffice is trojaned, perhaps via a macro virus. It could open and trash every file in ~/Documents. Whereas if it is only allowed to write files explicitly mentioned in the open dialog, this would not happen.

But I don't see this is feasible. A Document can include other documents, for instance.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)