Hi! > >>>If we want "/etc/shadow" to be the only way to access the shadow file > >>>we could label the data with "/etc/shadow". Any attempts to access > >>>this data using a renamed file or link would be denied (attempts to > >>>link or rename could also be denied). > >>Eloquently put. > >> > >>AppArmor actually does something similar to this, by mediating all of > >>the ways that you can make an alias to a file. These are: > >... > >> * Hard links: AppArmor explicitly mediates permission to make a hard > > > >Unfortunately, aparmor is by design limited to subset of distro > >(network daemons). Unfortunately, some other programs (passwd, vi) > >routinely make hardlinks. So AA mediating hardlink is not enough, as > >vi will happily hardlink /etc/shadow into /etc/.vi-shadow-1234. > > but with the AA design of default deny this isn't a big problem unless you > specificly allow some network daemon to access /etc/.vi-shadow-1234
...or unless vi decides to hardlink into /tmp or something. > no, this won't help you much against local users, but there are a _lot_ of > boxes out there with few, if any, local users who don't also have the root > password. AA helps the admin be safer when configuring netwrok daemons. Hmm, I guess I'd love "it is useless on multiuser boxes" to become standard part of AA advertising. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/