
Thread: How does Apparmor block a bad-program

  1. #1

    How does Apparmor block a bad-program

    Hello,

    From reading some AppArmor docs, I know that AppArmor reads logs to determine what profile a program will have. That means a profile can only be built once the program has been executed at least once, or when we already know how a specific program will be executed.

    But if a hacker inserts a bad program, such as a back door or virus, that should never be executed at any time, and at the same time we don't know what consequences the bad program's behavior will have, how could AppArmor prevent these situations?

    Can AppArmor confine everything under a specific directory by default? Because using:
    aa-autodep /path/to/restrict/* is 'complain' by default and everything is allowed. Can AppArmor deny everything by default?
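
Added example, not part of the original posts: what the complain-mode behaviour raised in the question looks like in the audit log, and how to spot profiles that only log violations instead of blocking them. It assumes the `apparmor="..."` key=value audit record format; the sample lines are constructed, and the function names and `/usr/sbin/exampled` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the thread); paths are hypothetical.
SAMPLE_LOG = '''\
type=AVC msg=audit(1276150001.101:210): apparmor="ALLOWED" operation="open" profile="/path/to/restrict/tool" name="/etc/shadow" pid=4100 comm="tool" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1276150002.202:211): apparmor="ALLOWED" operation="exec" profile="/path/to/restrict/tool" name="/bin/dash" pid=4100 comm="tool" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
type=AVC msg=audit(1276150003.303:212): apparmor="DENIED" operation="open" profile="/usr/sbin/exampled" name="/etc/shadow" pid=4200 comm="exampled" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=AVC msg=audit(1276150004.404:213): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/exampled" pid=4300 comm="apparmor_parser"
'''

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_event(line):
    """Return the key/value fields of one AppArmor audit record, or None."""
    if 'apparmor=' not in line:
        return None
    return {key: quoted if quoted else bare for key, quoted, bare in FIELD.findall(line)}

def summarize(log_text):
    """Group ALLOWED/DENIED events per profile: verdicts seen and accesses logged."""
    profiles = defaultdict(lambda: {"verdicts": set(), "accesses": set()})
    for line in log_text.splitlines():
        ev = parse_event(line)
        # Skip non-AppArmor lines and bookkeeping records such as STATUS.
        if not ev or ev.get("apparmor") not in ("ALLOWED", "DENIED"):
            continue
        entry = profiles[ev.get("profile", "?")]
        entry["verdicts"].add(ev["apparmor"])
        entry["accesses"].add((ev.get("operation", ""), ev.get("name", ""),
                               ev.get("denied_mask", "")))
    return dict(profiles)

def complain_only(summary):
    """Profiles whose violations were only logged (ALLOWED), never blocked."""
    return sorted(p for p, e in summary.items() if e["verdicts"] == {"ALLOWED"})

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for profile in complain_only(summary):
        print(f"{profile}: complain mode; these accesses were logged, not blocked:")
        for op, name, mask in sorted(summary[profile]["accesses"]):
            print(f"  {op} {name} ({mask})")
```

A profile that shows up here is not confining anything yet; its `ALLOWED` records are the accesses that enforce mode would have refused.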

  2. #2

    Re: How does Apparmor block a bad-program

    AppArmor's purpose is to prevent a trusted program's unknown
    vulnerabilities from being exploited to escalate privileges or use
    existing system privileges to do bad things. If you have an untrusted
    application from somebody, don't run it. If you do run it, in the first
    place make sure it isn't bad and, once it is running, set up a policy for
    it to limit its operations for a time when it is exploited. If somebody is
    able to run an untrusted app on your system, then you have probably
    already lost the battle.

    Good luck.





    On 06/10/2010 12:26 AM, luke chen wrote:
    >
    > Hello,
    >
    > From reading some AppArmor docs, I know that AppArmor reads logs
    > to determine what profile a program will have. That means a profile
    > can only be built once the program has been executed at least once, or
    > when we already know how a specific program will be executed.
    >
    > But if a hacker inserts a bad program, such as a back door or virus,
    > that should never be executed at any time, and at the same time we
    > don't know what consequences the bad program's behavior will have,
    > how could AppArmor prevent these situations?
    >
    > Can AppArmor confine everything under a specific directory by
    > default? Because using:
    > aa-autodep /path/to/restrict/* is 'complain' by default and everything
    > is allowed. Can AppArmor deny everything by default?
    >
    >


  3. #3

    Re: How does Apparmor block a bad-program

    Thank you very much!
