Mailinglist Archive: opensuse-security (12 mails)

< Previous Next >
Re: [opensuse-security] Apparmor suggestion to include more profiles
On Mon, May 30, 2016 at 11:25:45AM +0200, Johannes Meixner wrote:

Hello,

perhaps off topic - more a question from someone
who does not know any internals about AppArmor:

On May 29 18:10 Christian Boltz wrote (excerpt):
This is a general problem with profiles for desktop
applications.
As soon as an application comes with File - Open
or File - Save as menu items, the profile can
a) allow opening and saving files from a specified set
of directories (for example, the Ubuntu firefox profile
AFAIK allows saving files only to ~/download/).
Unfortunately this will terribly annoy users.
b) allow opening and saving files everywhere, which makes
the profile pretty useless

I think when there is an explicit dialog whereto the
application will save a file or wherefrom the application
will read a file, there should be no need for additional
restrictions because the user can see and confirm what
file will be used and by standard Unix permissions
a normal user cannot damage other user's data
(basically "the system" is root's data).

In contrast when an application reads or writes files
unnoticed by the user then I would like to have some
restrictions set up so that the application cannot
do "bad things".

In particular I would like that an application cannot
unnoticed replace existing files (e.g. replace my
private data by something else) and that an application
cannot unnoticed read arbitrary files (e.g. read my
private data and send it to someone in the Internet).

Is such a setup possibe with AppArmor?

No.


I wonder how AppArmor (or any external tool) could know
whether or not an application reads or writes files
unnoticed versus via an explicit user confirmation dialog?

Apparmor is implemented by static file/directory path whitelisting rules
in the kernel, it cannot distinguish between a user wanted action
and malicious one (e.g. if there is a dialog or not).

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation