Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
Aug 22, 2015, 1:36:14 AM (8 years ago)
- Author:
-
mmcco
- Comment:
-
add additional paragraph about MAC profiles and privsep
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v69
|
v70
|
|
173 | 173 | * packagers and OS/distro developers use this to write good MAC profiles |
174 | 174 | |
175 | | ''Anecdotally, it'd be nice to start the convention of using a tag like `PRIVSEP` in code to help packagers find points of potential lockdown. Lacking these, searching for `fork()` and `exec()`-family functions with cscope or something similar is a good approach. Beyond that, running the program in a debugger and breaking on new process creation is educational, as is understanding its initialization and `main()` logic well.'' |
| 175 | Put more bluntly: it probably isn't worth developers' time to learn AppArmor et al. in order to write profiles. As long as MAC frameworks are big and complicated, the above method is far more efficient. Simple programs that use very few privileges (Pidgin definitely doesn't qualify) may be exceptions. |
| 176 | |
| 177 | Anecdotally, it'd be nice to start the convention of using a tag like `PRIVSEP` in code to help packagers find points of potential lockdown. Lacking these, searching for `fork()` and `exec()`-family functions with cscope or something similar is a good approach. Beyond that, running the program in a debugger and breaking on new process creation is educational, as is understanding its initialization and `main()` logic well. |
176 | 178 | |
177 | 179 | === Breakages === |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!