Page 12 of 12 FirstFirst ... 2101112
Results 111 to 112 of 112

Thread: TuxGuardian - application based firewall

  1. #111
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by Dangertux View Post
    To clarify I meant the 99% statement to be without MAC -- so you probably do agree with me just not the way I worded it lol.

    I would certainly hope mandatory access controls do something in terms of 0 day since that's pretty much the only reason people use them. Though when you start talking about browser exploitation and other client side attack vectors the game changes considerably, as most client side apps need access to whatever is the target in the first place. So 0day still has a good chance of owning you.
    Browsers are a problem , take a look at the firefox apparmor profile.

    I think the only answer there is to not use them for such diverse activity, I don't.

    Convenience and security are often at odds. Sure it is nice for flash to "just work", but not so nice to be pwned by flash.

    For an example of what selinux will do for you:

    1. I confine all my users with selinux.

    2. See selinux sandbox.

    http://blog.bodhizazen.net/linux/selinux-sandbox/

    3. SELinux (and apparmor) can indeed be effective against some zero day exploits

    http://danwalsh.livejournal.com/45194.html

    https://media.blackhat.com/bh-us-11/...oid_Slides.pdf

    But not all, for example, the recent BIND exploit.

    http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-4313

    I do not think MAC (selinux or apparmor) would help with that ^^
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  2. #112
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: TuxGuardian - application based firewall

    Quote Originally Posted by bodhi.zazen View Post
    Browsers are a problem , take a look at the firefox apparmor profile.

    I think the only answer there is to not use them for such diverse activity, I don't.

    Convenience and security are often at odds. Sure it is nice for flash to "just work", but not so nice to be pwned by flash.

    For an example of what selinux will do for you:

    1. I confine all my users with selinux.

    2. See selinux sandbox.

    http://blog.bodhizazen.net/linux/selinux-sandbox/

    3. SELinux (and apparmor) can indeed be effective against some zero day exploits

    http://danwalsh.livejournal.com/45194.html

    https://media.blackhat.com/bh-us-11/...oid_Slides.pdf

    But not all, for example, the recent BIND exploit.

    http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-4313

    I do not think MAC (selinux or apparmor) would help with that ^^
    No the Bind issue it wouldn't help with as it's exploiting functionality of the named service itself, which would have to be permitted or named would fail to function.

    SELinux sandbox...have it on fedora want it on Ubuntu -- the python sandbox app will not work until debian upstream fixes se-tools DESPERATELY WANT!!! I think it would be a nice thing to have in the event of these "how to sandbox" an app discussions, SELinux makes it MUCH easier than Apparmor.

Page 12 of 12 FirstFirst ... 2101112

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •