[Apparmor-dev] apparmor.vim
Crispin Cowan
crispin at novell.com
Thu Aug 30 16:31:32 MDT 2007
Christian Boltz wrote:
> A small question remains that Seth couldn't answer:
> Which keywords for "network" are dangerous (things like raw packages)?
> Currently I flag "raw" in red. Are there more I should mark this way?
>
Some shoot-from-the-hip proposals:
* any low-numbered port is yellow
* port 22 is red
Hmmm. I don't have any other ideas. The security significance of a
network rule is so context dependent.
* "Can accept from" is much more dangerous from the internet than
from some restricted address, but that's likely beyond vim's
parsing ability, and we don't yet have addresses in this release.
* "Can initiate connection" is perfectly safe in a client (Firefox)
and very dangerous in a server (Apache) but how would vim know
which a profile is?
* ... etc. etc.
Crispin
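As an added illustration, not code from this thread or from apparmor.vim itself, a small Python check that scans profile text for `network` rules and rates the `raw` socket type red, as discussed above; the constructed sample profile and the yellow rating for an unrestricted bare `network,` rule are my assumptions, and no address or port based rating is attempted since this release has no addresses in network rules.

```python
import re

# Matches an AppArmor network rule: "[audit] [deny] network [domain] [type],".
# Trailing "#" comments are stripped before matching.
NETWORK_RULE = re.compile(
    r"^\s*(?P<qual>(?:(?:audit|deny)\s+)*)network\b(?P<args>[^,]*),"
)

def rate_network_rule(args):
    """Return 'red', 'yellow' or None for the argument text of a network rule.

    'raw' is flagged red, as in the thread. A bare 'network,' grants every
    domain and socket type, so it is rated yellow (an assumption here, not
    something the thread states). Anything else is left unrated because, as
    the message says, its significance depends on the program's role.
    """
    tokens = args.split()
    if "raw" in tokens:
        return "red"
    if not tokens:
        return "yellow"
    return None

def scan_profile(text):
    """Return (line number, rule text, rating) for each flagged grant rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("#", 1)[0]
        m = NETWORK_RULE.match(code)
        if not m:
            continue
        # A deny rule restricts rather than grants, so it is not flagged.
        if "deny" in m.group("qual").split():
            continue
        rating = rate_network_rule(m.group("args"))
        if rating:
            findings.append((lineno, code.strip(), rating))
    return findings

# Constructed sample profile (not from the thread) exercising each case.
SAMPLE_PROFILE = """\
/usr/bin/example {
  network inet stream,   # ordinary socket: left unrated
  network inet raw,      # raw socket: red
  network,               # unrestricted: yellow (assumption)
  deny network raw,      # deny rule: not a grant, not flagged
}
"""

if __name__ == "__main__":
    for lineno, rule, rating in scan_profile(SAMPLE_PROFILE):
        print(f"line {lineno}: {rating:6s} {rule}")
```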