
List:       apparmor-dev
Subject:    [Apparmor-dev] Re: [Apparmor-general] Slackware Linux AppArmor
From:       Tony Jones <tonyj () suse ! de>
Date:       2006-08-08 21:39:34
Message-ID: 20060808213934.GA21273 () suse ! de

On Sat, Aug 05, 2006 at 05:40:39PM +0100, Mark Seaborn wrote:
> Seth Arnold <seth.arnold@suse.de> wrote:
> 
> > To address this issue, we have introduced new execute modifiers, 'U'
> > and 'P', to mimic 'u' and 'p'; using the capital modifier will set the
> > unsafe_exec flag and thus request glibc to clear the environment of
> > 'dangerous' variables, similar to setuid or setgid executables.
> 
> The set of environment variables that programs trust is open-ended,
> and includes PYTHONPATH, PERL5LIB.  I think ld.so only clears out the
> linker-related variables (LD_PRELOAD, LD_LIBRARY_PATH).  Would it be
> better to have a whitelist of environment variables that are
> known-safe for each program?

We are using the in-kernel secure-exec framework now. It marks (in the ELF 
header) that a secure-exec is needed and leaves it to libc to wipe the 
offending variables.

I'd hope this libc list is complete but clearly it's the greatest multiple
rather than targeted per profile.  But per-profile implies kernel knowledge
and I think the above is the better way to go.

Tony
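
Added example, not part of the original message or of AppArmor: the two approaches discussed in this thread side by side, as a small C sketch. On Linux a process can read the secure-exec request with getauxval(AT_SECURE); the allowlist filter is the per-program alternative Mark suggests, and the helper names, allowlist and sample environment are constructed for illustration.

```c
#include <elf.h>        /* AT_SECURE */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), glibc >= 2.16 */

/* 1 when the kernel requested secure-exec for this process (setuid/setgid,
 * or an LSM asking for it); this is what libc's built-in scrubbing keys on. */
int in_secure_exec(void) { return getauxval(AT_SECURE) != 0; }

/* Is the name of a "NAME=value" entry on the NULL-terminated allowlist? */
int name_allowed(const char *entry, const char *const allow[])
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                          /* malformed entry: drop it */
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; allow[i] != NULL; i++)
        if (strlen(allow[i]) == len && strncmp(entry, allow[i], len) == 0)
            return 1;                      /* exact name match only */
    return 0;
}

/* Copy the allowed entries of envp into out (NULL-terminated, at most
 * out_cap slots including the terminator); returns how many were kept. */
size_t filter_env(char *const envp[], const char *const allow[],
                  char *out[], size_t out_cap)
{
    size_t n = 0;
    if (out_cap == 0)
        return 0;
    for (size_t i = 0; envp[i] != NULL && n + 1 < out_cap; i++)
        if (name_allowed(envp[i], allow))
            out[n++] = envp[i];
    out[n] = NULL;
    return n;
}

/* Constructed sample data: an environment and a hypothetical allowlist. */
static char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "LD_PRELOAD=/tmp/x.so", "PYTHONPATH=/tmp/mods",
    "PERL5LIB=/tmp/lib", "LANG=C", "HOME=/home/user", NULL };
static const char *const sample_allow[] = { "PATH", "LANG", "HOME", NULL };

int main(void)
{
    char *kept[8];
    size_t n = filter_env(sample_env, sample_allow, kept, 8);
    printf("AT_SECURE=%d, kept %zu variables\n", in_secure_exec(), n);
    for (size_t i = 0; i < n; i++)
        puts(kept[i]);                     /* result is usable as execve() envp */
    return 0;
}
```

With an allowlist, interpreter variables such as PYTHONPATH and PERL5LIB are dropped along with the linker ones, because anything not named is removed.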