Secure Coding mailing list archives

Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code


From: pmeunier at cerias.purdue.edu (Pascal Meunier)
Date: Mon, 03 Apr 2006 10:42:52 -0400

AppArmor sounds like an excellent alternative to creating a VMware image for
every application you want to run but distrust, although I can think of
cases where a VMware image would be safer.  For example, the
installer/uninstaller may have vulnerabilities, may be "dirty" (it causes
problems by modifying things that affect other applications, or doesn't
clean up correctly), or phones home, etc.  I guess you could make a profile
for the installer as well (I'm not very enthusiastic about that idea
though).  Also, I suspect that what you need to allow in some profiles is
possibly sufficient to enable "some level" of malicious activity.  It's
regrettable that it is only available for SUSE Linux.

Perhaps one of the AppArmor mailing lists would be more appropriate to ask
this, but as you posted an example profile with "capability setuid", I must
admit I am curious as to why an email client needs that.  I tried looking up
relevant documentation on the Novell site, but it seems I was unlucky and
tried during a maintenance period because pages were loading erratically.  I
finally got to the "3.0 Building Novell AppArmor Profiles" page but it was
empty.  I would appreciate receiving more information about it.  I am also
interested in the "Linux Security Modules Interface".

Regards,
Pascal Meunier

On 4/2/06 6:49 PM, "Crispin Cowan" <crispin at novell.com> wrote:

This is exactly what AppArmor <http://en.opensuse.org/Apparmor> was
designed for: conveniently confining applications to only be able to do
what they need to do. Application's least privilege.

I am running this mail client (Thunderbird) from within a "sandbox" (we
call it a "profile"). I have attached this policy, which should be
pretty self-explanatory.
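The question raised above about `capability setuid` is the kind of item a profile review should surface automatically. The following Python is an added example, not part of the original thread and not the profile attached to the quoted mail: it sorts a profile's rules into capabilities that need a written justification, other capabilities, writable paths, and rules it could not parse. The sample profile, its paths and the `REVIEW_CAPS` set are constructed assumptions.

```python
import re

# Capabilities to justify in review; this example's choice, not an AppArmor-defined list.
REVIEW_CAPS = {"setuid", "setgid", "sys_admin", "sys_module", "sys_ptrace", "dac_override"}

# Constructed sample profile; NOT the one attached to the original mail.
SAMPLE_PROFILE = """\
#include <tunables/global>
/usr/lib/example-mail/mail-bin {
  #include <abstractions/base>
  capability setuid,
  capability net_bind_service,   # constructed rule
  /etc/passwd r,
  /home/*/.example-mail/** rw,
  /tmp/** rwl,
  /usr/lib/example-mail/** ixr,
  deny /home/*/.ssh/** rw,
}
"""

CAP_RE = re.compile(r"^(?:audit\s+)?capability(?:\s+([a-z_\s]+))?\s*,$")
PATH_RE = re.compile(r"^(deny\s+)?(?:audit\s+)?(/\S*)\s+([a-zA-Z]+),$")

def audit_profile(text):
    """Sort a profile's rules into buckets a reviewer can question."""
    found = {"review_caps": [], "other_caps": [], "writable": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#include"):
            continue
        line = line.split("#", 1)[0].strip()       # drop trailing comments
        if not line or line.endswith("{") or line == "}":
            continue
        cap, path = CAP_RE.match(line), PATH_RE.match(line)
        if cap:
            # A bare "capability," grants every capability.
            for name in (cap.group(1) or "ALL").split():
                key = "review_caps" if name in REVIEW_CAPS | {"ALL"} else "other_caps"
                found[key].append(name)
        elif path:
            denied, target, perms = path.groups()
            if not denied and set(perms) & set("wa"):   # write or append
                found["writable"].append(target)
        else:
            found["unparsed"].append(line)   # surface it; never skip silently
    return found

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

Rules the parser does not understand land in `unparsed` instead of being dropped, so an unfamiliar rule type shows up in the review output.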





