:: Re: [DNG] KUserFeedback
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MGabe Stanton at <-
MSteve Litt at ->
Delete this message
Reply to this message
Author: tito
Date:  
To: dng
New-Topics: Re: [DNG] AppArmor
Subject: Re: [DNG] KUserFeedback
On Sun, 05 Sep 2021 08:00:51 -0600
Gabe Stanton via Dng <dng@???> wrote:

> On Sun, 2021-09-05 at 12:54 +0200, tito via Dng wrote:
> > Hi,
> > I'm not very fond of apparmor for various reasons:
> > 
> > 1) I experienced unexpected behavior of programs
> >       silently failing to do something (log, run, etc)
> >       because the apparmor profile was wrong/bugged

>
> I experienced the same, as my first introduction to AppArmor, and a
> couple times more before I did the same as you and purged it.
>
> > 
> > 2) unless you study every code path in the program you want to
> >     supervise the profiles used will not be safe but nobody really
> > cares
> >      (e.g. maintainer adds a profile that works with the default
> > setup
> >      of the distro (....if it really works))

>
> This is a great point and probably the biggest reason I remain unsure
> about it, combined with the level of permissions it controls, it's like
> giving another root-level program access to every bit of processing
> that happens. Yes all programs have code that need to be understood to
> be trusted, but a program with root-level authority that polices all
> other programs....I need to understand that program a lot better,
> before trusting it, than I do basically any other program. Maybe there
> are flaws in that thinking, but unless I misunderstand the level of
> permission and control AppArmor has, I'm right to be weary of it.
>
> Also, the fact that it comes by default, and is enabled by default, and
> has those permissions and capabilities, to me, that's the kind of
> program that is likely to be exploited in the future, assuming it's not
> exploited now and that the dev's or the project are exploitable one way
> or another. The fact that it has such permissions and is enabled by
> default, and that it was introduced recently, all of those things
> justify suspicion as far as I'm concerned. To my unprofessional but
> suspicious eyes, it reminds me of systemd.
>
> Maybe we're wrong, but until we take the time to look at and understand
> every line of code, and get to know the project, it seems far safer to
> rely on things like firewalls and other trusted security tools.
>
>
> Gabe
>
Hi,

one stupid question that struck my mind right now could
apparmor control itself?
could you write an apparmor profile to limit what apparmor
is doing?

Ciao,
Tito

This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] Firefox, sudo and apulse (was Re: Steam, Mumble, Valheim, Alsa and shared audio)Re: [DNG] AppArmor->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)