Jeremy Maitin-Shepard <jbms@xxxxxxx> writes: > [snip] > Well, my point was exactly that App Armor doesn't (as far as I know) do > anything to enforce the argv[0] convention, nor would it in general > prevent a confined program from making a symlink or hard link. Even > disregarding that, it seems very fragile in general to make an suid > program (there would be no point in confining the execution of a > non-suid program) perform essentially access control based on argv[0]. Note that by "confining the execution of a non-suid program", I mean defining an App Armor profile that prevents the execution of a particular non-suid program, unless of course the program file itself contains secret information, which is irrelevant to this discussion. -- Jeremy Maitin-Shepard - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
