[e-lang] E + MinorFs + AppArmor: adding Tahoe to the stack ?
Matej Kosik
kosik at fiit.stuba.sk
Sat Jan 30 01:39:33 PST 2010
Karp, Alan H wrote:
> Matej Kosik wrote:
>> I do not understand the argument that AppArmor is indispensable (even if
>> some process has to access files on the filesystem or interact with
>> other processes). Is there a security policy which cannot be enforced in
>> ocap-language (over untrusted modules written in this language)?
>> Obviously (for me) not, but I guess you do not concur.
>>
> AppArmor will protect you if there is an exploitable flaw in the ocap program.
I would agree if you said "can in some cases protect" instead of "will
protect".
I know that I make many errors. This is exactly why I appreciate
object-capability languages. They enable me to mitigate the risk to
an acceptable level.
(although it is still wise to be willing to pay bounties for remaining
security flaws)
Usage of AppArmor has non-zero cost. I am not sure if it also has
non-zero value (when used in conjunction with robust software systems
written in some object-capability language). I am not aware of any
studies that would prove or disprove my theory concerning AppArmor
value. At the moment I rely on my intuition.