Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching

From: John Johansen
Date: Mon Apr 16 2007 - 16:56:26 EST

Next message: Ãric Piel: "[PATCH 2/2] wistron_btns: add led support"
Previous message: Anton Vorontsov: "Re: [PATCH 2/7] [RFC] Common power driver for Linux gadgets"
In reply to: Andi Kleen: "Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching"
Next in thread: Pavel Machek: "Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 16, 2007 at 08:27:08AM +0200, Andi Kleen wrote:
> > It's nice to check for consistency though, so we're adding that. Profile
> > loading is a trusted operation, at least so far, and so security wise we
> > don't actually have to care --- if loading an invalid profile can bring down
> > the system, then that's no worse than an arbitrary module that crashes the
> > machine. Not sure if there will ever be user loadable profiles; at least at
> > that point we had to care.
>
> A security system that allows to crash the kernel is a little weird
> though. It would be better to check. Not that a recursion check
> is particularly expensive.
>
Indeed. It will be fixed in the next rev.

thanks
john

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Ãric Piel: "[PATCH 2/2] wistron_btns: add led support"
Previous message: Anton Vorontsov: "Re: [PATCH 2/7] [RFC] Common power driver for Linux gadgets"
In reply to: Andi Kleen: "Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching"
Next in thread: Pavel Machek: "Re: [AppArmor 39/41] AppArmor: Profile loading and manipulation, pathname matching"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]