Hardening systems with AppArmor

GOLDEN CAGE

Article from Issue 66/2006

Author(s): RALF SPENNEBERG

After penetrating a remote system, intruders might think they are home and dry, but AppArmor spoils the fun, locking the miscreants in a virtual cage.

Nobody’s perfect – and this is particularly true of software. Any non-trivial application will have its fair share of programming errors. Intruders exploit these errors, taking control of the software, and making the program do things the developer never envisaged. The situation starts to become critical if the application has privileges that are different from the privileges of the attacker. For example, the ping command requires root privileges in order to send the special packet formats that it needs. But it is theoretically possible for the process to misuse its root privileges to cause all kinds of trouble. Although ping is a well-behaved program, an attacker capable of hijacking the tool would have unrestricted access to the rest of the system.

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Related content

AppArmor

When an attacker succeeds in infecting a victim’s system, the attacker inherits the victim’s privileges. App Armor beats the attack by reducing the potential victim’s privileges to a minimum.

more »
AppArmor vs. SELinux

Security Enhanced Linux or App Armor? Linux Magazine invited two well-known personalities from Red Hat and Novell to debate the merits of their security systems.

more »
Novell Dismisses AppArmor Developer

Two years after acquiring the company that developed AppArmor Novell has dismissed the developer behind the security technology.

more »
Rootkits and Linux Security

Your Linux system may not be so airtight after all. To understand the threats, you need to think like an intruder. We'll show you what the intruders are thinking now about the Linux 2.6 kernel.

more »
LINUX MAGAZINE DVD

more »

comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Hardening_Systems_with_Apparmor.pdf (359.41 kB)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

LibreOffice 5.4 Released

Comes with improved support for Microsoft Office file formats.
Red Hat to Drop Support for Btrfs

The company is building their own storage solution called Stratis.
Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
Kolab Now Integrates Collabora Online

Kolab Now subscribers now have access to Collabora Online.
Endless OS, a Distribution Without Internet

A new version of Endless OS has been released.
GitHub Announces Open Source Friday Program

They encourage people to take time out and work on open source projects on Friday.
System76 Announces Their Own Distro, Pop!_OS

Pop!_OS is based on Ubuntu and uses the Gnome stack.
Linus Torvalds Talks About His Motivation

He never tires of working on the Linux kernel.
Debian 9 Stretches Its Wings

The new release of Debian has a very strong focus on security.
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.