- Timestamp: Aug 21, 2015, 8:18:28 PM (8 years ago)
- Author: mmcco
- Comment: more privsep info
v59
|
v60
|
|
153 | 153 | [https://tails.boum.org/ Tails], an anonymity-focused operating system based on Tor and Debian, includes Pidgin and OTR by default. They've written an App^^Armor profile for Pidgin that's now included in the Debian/^^Ubuntu package `apparmor-profiles-extra`. |
154 | 154 | |
| 155 | All existing MAC frameworks are pretty cumbersome and have a slow learning curve. (tame is trying to buck this trend, but it's far too new and rarely used to be an option yet.) So, the best model is: |
| 156 | |
| 157 | * program developers make their code multiprocess and refrain from using unnecessary privileges |
| 158 | * packagers and OS/distro developers use this to write good MAC profiles |
| 159 | |
| 160 | ''Anecdotally, it'd be nice to start the convention of using a tag like `PRIVSEP` in code to help packagers find points of potential lockdown. Lacking these, searching for `fork()` and `exec()`-family functions with cscope or something similar is a good approach.'' |
| 161 | |
155 | 162 | === Breakages === |
156 | 163 | |
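Review bot: in added line 155, "slow learning curve" says the opposite of what the sentence needs; "steep learning curve" or "take a long time to learn" would match "cumbersome". The same line names tame with no link or platform, unlike the Tails entry just above it, so a reader cannot tell which system it refers to; a link would fix that. In the second bullet (line 158), "use this" has no clear antecedent; something like "use the resulting process boundaries" would say what packagers are expected to build their MAC profiles on. The italic paragraph at line 160 opens with "Anecdotally" but goes on to propose a convention (a `PRIVSEP` tag), so "As a suggestion" would fit better. It would also help to note that searching for `fork()` and `exec()`-family calls only finds process-creation points, so any privilege change that happens without a new process would need a different search.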