On Tue, Jul 31, 2007 at 09:39:28AM -0700, Ng, Cheon-woei wrote:
> I meant in general, a device driver has access to all of kernel memory.
> Actually I am not aware of /dev/mem exploit; I will need to do some
> research. : )

Right, you are correct about the design of the Linux kernel drivers. The /dev/mem issue is that programs that write to /dev/mem need to be limited to only a small region of all kernel memory (to access video devices, as I understand it). I haven't looked into this in any depth yet.

> About AppArmor, it is ready to use? What profiles are available now?
> Will there be any utilities?

I will let Mathias answer this in more detail, but yes, it is ready for testing (if you're testing the Gutsy development cycle -- I would urge you to do so if you're interested in AppArmor).

For profiles, see the contents of the "apparmor-profiles" package:
http://packages.ubuntu.com/cgi-bin/search_contents.pl?word=apparmor-profiles&searchmode=filelist&case=insensitive&version=gutsy&arch=i386&page=1&number=all

All the regular AppArmor utilities are available. There are plans for GUI tools:
https://wiki.ubuntu.com/SecurityModuleAdminTool

For more details:
https://help.ubuntu.com/community/AppArmor

-Kees

--
Kees Cook
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam