Mailinglist Archive: opensuse-security (12 mails)

Re: [opensuse-security] Apparmor suggestion to include more profiles
On 2016-05-30 11:25, Johannes Meixner wrote:

> I wonder how AppArmor (or any external tool) could know
> whether or not an application reads or writes files
> unnoticed versus via an explicit user confirmation dialog?

It is a very good point you mention.

Suppose LibreOffice is configured so that it can only open files in
~/Documents. Now suppose LibreOffice is trojaned, perhaps via a macro
virus. It could open and trash every file in ~/Documents. Whereas if it
is only allowed to write files explicitly mentioned in the open dialog,
this would not happen.

But I don't see that this is feasible. A document can include other
documents, for instance.

Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
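
The trade-off discussed in this message, as an added example that is not part of the original mail or of AppArmor itself: a simplified model comparing a static directory rule with a hypothetical per-file grant made through a file dialog. The paths, file names and the `DialogGrants` class are constructed for illustration, and only the `*` / `**` subset of AppArmor globbing is modelled.

```python
import re

def aa_glob(rule):
    """Regex for the AppArmor glob subset used here: '**' crosses '/', '*' does not."""
    out, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            out.append(".*"); i += 2
        elif rule[i] == "*":
            out.append("[^/]*"); i += 1
        else:
            out.append(re.escape(rule[i])); i += 1
    return re.compile("".join(out) + r"\Z")

class DirectoryRule:
    """Static path rule, in the style of '@{HOME}/Documents/** rw,'."""
    def __init__(self, rule):
        self.rx = aa_glob(rule)
    def allows(self, path):
        return self.rx.match(path) is not None

class DialogGrants:
    """Hypothetical model: only paths the user confirmed in a file dialog."""
    def __init__(self):
        self.granted = set()
    def user_picked(self, path):
        self.granted.add(path)
    def allows(self, path):
        return path in self.granted

# Constructed sample data (not taken from the thread)
DOCS = "/home/alice/Documents"
MASTER = f"{DOCS}/report.odm"
INCLUDED = f"{DOCS}/chapters/intro.odt"   # sub-document referenced by MASTER
UNRELATED = f"{DOCS}/taxes.ods"
OUTSIDE = "/home/alice/.ssh/id_rsa"

def decisions(policy):
    return {p: policy.allows(p) for p in (MASTER, INCLUDED, UNRELATED, OUTSIDE)}

def compare():
    directory = DirectoryRule(f"{DOCS}/**")
    dialog = DialogGrants()
    dialog.user_picked(MASTER)   # the user opened only the master document
    return decisions(directory), decisions(dialog)

if __name__ == "__main__":
    for name, result in zip(("directory rule", "dialog grants"), compare()):
        print(name, result)
```

The directory rule permits access to every file under `~/Documents`, including the unrelated one, while the per-file model protects the unrelated file but also denies the included sub-document that the master document needs.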

