[Apparmor-dev] Re: AppArmor Security Goal
Andi Kleen
andi at firstfloor.org
Sat Nov 10 14:04:35 MST 2007
Crispin Cowan <crispin at crispincowan.com> writes:
The document should be a good base for a merge.
> * A confined process can operate on a file descriptor passed to it
> by an unconfined process, even if it manipulates a file not in the
> confined process's profile. To block this attack, confine the
> process that passed the file descriptor.
That is the only thing that tripped me up a bit while reading the document.
Can you expand a bit on the reasons why the fd is not rechecked in
the context of the target process? Best do it in a new version of the
document.
-Andi
More information about the Apparmor-dev
mailing list