[conspire] Autorun in GNOME/Nautilus

Ruben Safir ruben at mrbrklyn.com
Wed Sep 28 03:14:25 PDT 2011


On Wed, Sep 28, 2011 at 09:59:40AM +0000, Nick Moffitt wrote:
> Rick Moen:
> > AppArmor is per-application sandboxing, enforced by a kernel that
> > includes the necessary LSM code.
> > 
> > It requires that a 'policy' file exist for any application that's to
> > be corralled in this fashion:  The policy file describes various sorts
> > of access that will be permitted or denied to particular pathspecs.
> 
> This is an important change from SELinux, which did the right thing from
> a security perspective but entirely the wrong thing from a user
> interface perspective.  SELinux prevented EVERYTHING, and you switched
> on permissions as warranted.  Unfortunately the procedures for doing
> this weren't widely understood, and admins regularly found themselves in
> a situation where the only information they had was that globally
> disabling SELinux allowed some program to do the work they needed. 
> 
> Bad scene.
> 
> AppArmor does a slightly wrong thing, from a security perspective, in
> that it is default-allow in the set of applications it protects (though
> the profiles themselves are typically written in a default-deny
> fashion).  Your hand-compiled program in your home directory isn't
> covered by it, nor is the proprietary vendor-supplied zipfile you opened
> up into the /opt ghetto.  But applications that are known to be handling
> risky data or performing sensitive tasks can be locked down to only
> their accepted operational parameters.
> 
> This means that admins don't find themselves shutting off AppArmor
> just so apache can bind to a funny port.  It also means that distros can
> build metre-thick concrete bunkers around programs like evince.
> 
> > [1] To get some idea of why Evince needs help, compare its and xpdf's
> > dependencies in my page about PDF readers,
> > http://linuxmafia.com/faq/Apps/pdf-readers.html .  (I exclude X11 core
> > libs and also libgcc and friends.)
> 
> Have a look at Ubuntu's /etc/apparmor.d/usr.bin.evince profile sometime.
> Kees Cook put a lot of effort into that one, and it's got almost no
> wiggle room at all!  
> 

Are you saying evince can run an executable?

Ruben

> -- 
> "As I soared high into the tag cloud Xeni Jardin
> carefully put up for me, I couldn't help but wonder how
> high we were above the blogosphere." -- Carlos Laviola
> 

-- 
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software

So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world  - RI Safir 1998

http://fairuse.nylxs.com  DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

"Yeah - I write Free Software...so SUE ME"

"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."

"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politics and technology have been attached at the hip since the 1st dynasty in Ancient Egypt.  I guess you missed that one."

© Copyright for the Digital Millennium
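
The coverage gap described in the quoted message (profiled programs are confined, everything else runs unconfined) is visible per process in the label the kernel exposes at /proc/<pid>/attr/current. The following is an added example, not part of the original thread; the sample process list is constructed and the paths and PIDs in it are hypothetical.

```python
import os
import re

# Label format in /proc/<pid>/attr/current: "<profile> (<mode>)",
# or the bare word "unconfined" when no profile applies.
LABEL_RE = re.compile(r"^(?P<profile>.+) \((?P<mode>[a-z]+)\)$")

def parse_label(raw):
    """Return (profile, mode) for one AppArmor label string."""
    label = raw.strip("\x00\n ")
    # Assumption: an empty label is reported as unconfined.
    if label in ("", "unconfined"):
        return (None, "unconfined")
    m = LABEL_RE.match(label)
    return (m["profile"], m["mode"]) if m else (label, "unknown")

def coverage(procs):
    """Group (pid, exe, raw_label) tuples by confinement mode."""
    report = {}
    for pid, exe, raw in procs:
        profile, mode = parse_label(raw)
        report.setdefault(mode, []).append((pid, exe, profile))
    return report

def live_processes():
    """Yield (pid, exe, raw_label) for running processes on a Linux host."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/attr/current") as fh:
                raw = fh.read()
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:  # process exited, kernel thread, or no permission
            continue
        yield int(pid), exe, raw

# Constructed sample: one enforced profile, one complain-mode profile,
# a hand-built binary in a home directory and a vendor binary under /opt.
SAMPLE = [
    (1201, "/usr/bin/evince", "/usr/bin/evince (enforce)\n"),
    (1377, "/home/alice/build/mytool", "unconfined\n"),
    (1410, "/opt/vendorapp/bin/vendorapp", "unconfined\n"),
    (902, "/usr/sbin/cupsd", "/usr/sbin/cupsd (complain)\n"),
]

if __name__ == "__main__":
    procs = SAMPLE  # use live_processes() on a host with AppArmor enabled
    for mode, entries in sorted(coverage(procs).items()):
        for pid, exe, profile in entries:
            print(f"{mode:<11} pid={pid:<6} exe={exe} profile={profile}")
```

Processes listed under "complain" have a profile loaded but violations are only logged, so for enforcement purposes they belong with the unconfined set.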