Full Disclosure mailing list archives
Re: Re: [SC-L] Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: "Matt Lidestri" <matt.lidestri () gmail com>
Date: Fri, 7 Apr 2006 00:36:19 -0400
Hello,

I have used AppArmor a bit, and must say that I like it a lot. I have used it on a few servers, and in some security competitions. As a HIPS, it is easy to use and fairly effective (from what I have seen). I just saw your question and it sparked my curiosity.

From some quick googling, I presume that cap_setuid allows a process or call to be passed as another user (we'll say root for now). I wondered if root was exempt from the AppArmor rules (although I doubted it), so I configured my VMed webserver to access a denied config file for mod_security, and then started apache as root. It failed with an error from AppArmor claiming that access was denied to the configuration file.

I restored the permissions in AppArmor and received a different error; apparently the Apache developers were smart enough to disallow apache to be run as root. Nonetheless, AppArmor would not even let it get this far, so even root privileges cannot override AppArmor profiles.

Regards,
Matt

On 4/6/06, Brian Eaton <eaton.lists () gmail com> wrote:
> On 4/5/06, Crispin Cowan <crispin () novell com> wrote:
>> Pascal Meunier wrote:
>>> but as you posted an example profile with "capability setuid", I must admit I am curious as to why an email client needs that.
>> Well now that is a very good question, but it has nothing to do with AppArmor. The AppArmor learning mode just records the actions that the application performs. With or without AppArmor, the Thunderbird mail client is using cap_setuid. AppArmor gives you the opportunity to *deny* that capability, so you can try blocking it and find out. But for documentation on why Thunderbird needs it, you would have to look at mozilla.org not the AppArmor pages.
>
> Does cap_setuid give a program enough authority to break out of the AppArmor profile?
>
> Regards,
> Brian
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- Matt Lidestri
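
An added example, not part of Matt's message and not AppArmor project code: a small Python filter over AppArmor audit lines that separates the two kinds of denial this thread discusses, a confined process running as root being refused a file, and a profile refusing the `setuid` capability. The log lines are constructed in the `apparmor="DENIED"` audit format used by current kernels (an assumption; it is not the 2006 log format), and all paths, pids and profile names are made up.

```python
import re

# Constructed sample lines; every path, pid and profile name is made up.
SAMPLE_LOG = """\
audit: type=1400 audit(1144384579.101:41): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/etc/apache2/modsecurity.conf" pid=2101 comm="apache2" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1144384601.552:42): apparmor="DENIED" operation="capable" profile="/usr/bin/thunderbird" pid=2230 comm="thunderbird" capability=7 capname="setuid"
audit: type=1400 audit(1144384610.007:43): apparmor="ALLOWED" operation="open" profile="/usr/bin/thunderbird" name="/home/user/.mailrc" pid=2230 comm="thunderbird" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
audit: type=1400 audit(1144384622.300:44): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/srv/private/notes.txt" pid=2140 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
"""

# key="quoted value" or key=bare_value
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    if "apparmor=" not in line:
        return None
    return {key: (quoted or bare) for key, quoted, bare in FIELD.findall(line)}


def classify(event):
    """Label a denial; None for non-AppArmor lines and complain-mode ALLOWED."""
    if event is None or event.get("apparmor") != "DENIED":
        return None
    if event.get("operation") == "capable" and event.get("capname") == "setuid":
        return "setuid-capability-denied"
    if event.get("fsuid") == "0":
        # The profile was enforced although the process ran as root.
        return "root-process-denied"
    return "denied"


def summarize(log_text):
    """Return (label, profile, target) for each denial in log_text."""
    rows = []
    for line in log_text.splitlines():
        event = parse_event(line)
        label = classify(event)
        if label:
            target = event.get("name") or event.get("capname")
            rows.append((label, event["profile"], target))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row, sep="\t")
```

The `ALLOWED` line is what a profile in complain (learning) mode logs, so it is skipped rather than counted as a denial.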