User manual NOVELL APPARMOR 2.0.1 ADMINISTRATION GUIDE

[. . . ] Novell AppArmor 2. 0. 1 November 29, 2006 www. novell. com Novell AppArmor Administration Guide Novell AppArmor Administration Guide Copyright © 2006 Novell, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1. 2 or any later version published by the Free Software Foundation; with the Invariant Section being this copyright notice and license. A copy of the license is included in the section entitled "GNU Free Documentation License". Novell, the Novell logo, the N logo, openSUSE, SUSE, and the SUSE "geeko" logo are registered trademarks of Novell, Inc. [. . . ] See ld. so(8) for some information about setuid and setgid environment scrubbing. Unconstrained Execute Mode (ux) Allows the program to execute the resource without any Novell AppArmor profile applied to the executed resource. This mode is useful when a confined program needs to be able to perform a privileged operation, such as rebooting the machine. By placing the privileged section in another executable and granting unconstrained execution rights, it is possible to bypass the mandatory constraints imposed on all confined processes. For more information about what is constrained, see the apparmor(7) man page. WARNING: Using Unconstrained Execute Mode (ux) Use ux only in very special cases. It enables the designated child processes to be run without any AppArmor protection. ux does not scrub the environment of variables such as LD_PRELOAD. As a result, the calling domain 70 Novell AppArmor Administration Guide may have an undue amount of influence over the callee. Use this mode only if the child absolutely must be run unconfined and LD_PRELOAD must be used. Any profile using this mode provides negligible security. This mode is incompatible with Ux, px, Px, and ix. Unconstrained Execute Mode (Ux)--Clean Exec Ux allows the named program to run in ux mode, but AppArmor invokes the Linux kernel's unsafe_exec routines to scrub the environment, similar to setuid programs. See ld. so(8) for some information about setuid and setgid environment scrubbing. WARNING: Using Unconstrained Execute Mode (Ux) Use Ux only in very special cases. It enables the designated child processes to be run without any AppArmor protection. Use this mode only if the child absolutely must be run unconfined. Inherit Execute Mode (ix) ix prevents the normal AppArmor domain transition on execve(2) when the profiled program executes the named program. Instead, the executed resource inherits the current profile. This mode is useful when a confined program needs to call another confined program without gaining the permissions of the target's profile or losing the permissions of the current profile. There is no version to scrub the environment because ix executions do not change privileges. Allow Executable Mapping (m) This mode allows a file to be mapped into memory using mmap(2)'s PROT_EXEC flag. [. . . ] Intrusion detection systems might use attack signatures to distinguish between legitimate and potentially malicious activity. By not relying on attack signatures, Novell AppArmor provides "proactive" instead of "reactive" defense from attacks. This is better because there is no window of vulnerability where the attack signature must be defined for Novell AppArmor as it does for products using attack signatures to secure their networks. Refers to a software front-end meant to provide an attractive and easy-to-use interface between a computer user and application. [. . . ]