--- Jeremy Maitin-Shepard <jbms@xxxxxxx> wrote: > ... > Well, my point was exactly that App Armor doesn't (as far as I know) do > anything to enforce the argv[0] convention, Sounds like an opportunity for improvement then. > nor would it in general > prevent a confined program from making a symlink or hard link. Even > disregarding that, it seems very fragile in general to make an suid > program (there would be no point in confining the execution of a > non-suid program) perform essentially access control based on argv[0]. I think that you're being generous calling it fragile, but that's my view, and I've seen much worse. I agree that it would be a Bad Idea, but the fact that I think it's a bad idea is not going to prevent very many people from trying it, and for those that do try it name based access control might seem like just the ticket to complete their nefarious schemes. Remember that security is a subjective thing, and using argv[0] and AppArmor together might make some people feel better. Casey Schaufler casey@xxxxxxxxxxxxxxxx - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
