Date: Sat, 2 Jun 2007 07:27:13 -0700 (PDT)
From: david@lang.hm
To: Valdis.Kletnieks@vt.edu
cc: David Wagner <daw-usenet@taverner.cs.berkeley.edu>,
       linux-kernel@vger.kernel.org
Subject: Re: [AppArmor 01/41] Pass struct vfsmount to the inode_create LSM
 hook
In-Reply-To: <14604.1180770021@turing-police.cc.vt.edu>
Message-ID: <Pine.LNX.4.64.0706020723030.954@asgard.lang.hm>
References: <653438.15244.qm@web36612.mail.mud.yahoo.com>
 <f3il25$pcp$1@taverner.cs.berkeley.edu> <20070524144726.GB3920@ucw.cz>
 <12508.1180719875@turing-police.cc.vt.edu>            <f3qrp6$ftn$1@taverner.cs.berkeley.edu>
 <14604.1180770021@turing-police.cc.vt.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 2593
Lines: 49

On Sat, 2 Jun 2007, Valdis.Kletnieks@vt.edu wrote:

> On Sat, 02 Jun 2007 04:30:30 -0000, David Wagner said:
>> I don't find the Windows stuff too relevant here.
>
> I'm surprised.  The only Windows-specific thing in the whole paragraph is that
> the attack described is currently wildly successful. And there *have* been
> known exploitable bugs in the Linux version of Firefox. In other words, all the
> pieces are in place for exactly the same thing to work on Linux.
>
> The type of hardening that AppArmor can provide network-facing daemons is only
> protecting the system against attacks that aren't even a large part of the
> threat model.   Exploiting a broken PHP script? Happens all the time, and
> AppArmor can't do much for it.

actually, this is _exactly_ where AppArmor is the most useful. if the PHP 
script is restricted by AppArmor it won't be able to go out and touch 
things that it's not supposed to.

> SQL injection? Happens all the time, and it
> can't help much there either.  Systems getting pwned because the sysadmin's
> laptop got hacked? Pretty common, and another thing that AppArmor won't slow
> down. But yes, I *will* grant that the next time there's a buffer overflow in
> Apache, AppArmor will be able to help *that*....
>
>>                                                    As I understand it,
>> AppArmor isn't aimed at defending Windows desktop users; it is aimed at
>> defending Linux servers.  A pretty different environment, I'd say.
>
> The only reason you're not seeing the same exact threat model against Linux
> servers is because it's still a minority.  It's *always* been true that one of
> the most productive attacks on a server has been to find a desktop that you can
> attack, and then abuse a trust relationship from the desktop to the server (and
> has been, ever since the server was a IBM mainframe and the desktop was an RJE
> station.  Amazing how trusting OS/360 was of a card deck tossed into a remote
> card reader... :)

if you are targeting one specific company or one specific server then you 
are correct, however most attacks are not that targeted, they do things 
like useing google to find random servers that are running vunerable 
software and attack that (or just try the attack against random IP 
addresses in case it happens to be running the vunerable software)

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/