AppArmor

Revision 3 as of 2006-05-27 12:30:07

Summary

Implement an easy-to-use application security framework based on AppArmor in Ubuntu, to be available by default. The kernel packages must carry a small kernel patch. The rest of the AppArmor framework will have its own packages. Security profiles must be created for setuid applications and server daemons. The profiles can be provided either in dedicated packages or in the packages of the applications they confine.

Rationale

[http://en.opensuse.org/Apparmor AppArmor] proactively protects the system from security threats, both internal and external. It restricts each application to the resources that application is meant to access. In this way the system is protected against both known and unknown threats.

For each application we want to protect or increase the security around, a security profile is created. The profile describes what files or devices the application is allowed to read, write and/or execute.

Use cases

  • A new security flaw is disclosed as a zero-day in a daemon-based application, e.g. ssh and httpd. The flaw allows an unauthorized user to upload and execute any code of the intruder's choice. Because the server daemon is protected by an AppArmor security profile, the intruder will not be able to upload and then run the code on the Ubuntu system: the application's profile does not give the application the right to execute files it has the right to edit.
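The property this use case relies on, that no path is both writable and executable under the profile, can be checked mechanically. The following is an added example, not part of the original specification or of AppArmor's own tooling: the profile and the daemon name `exampled` are constructed, and the check is a simplified model that handles only plain file rules with `*`, `**` and `?` globs, takes the union of all matching rules, and ignores deny rules, includes, variables and `{a,b}` alternation.

```python
import re

# Constructed profile for a hypothetical daemon "exampled" (not from the page).
SAMPLE_PROFILE = """
/usr/sbin/exampled {
  /etc/exampled/** r,
  /usr/sbin/exampled mr,
  /usr/lib/exampled/helper ix,
  /var/lib/exampled/uploads/** rw,
  /var/log/exampled/*.log w,
}
"""
# Same profile with one careless extra rule that makes uploads executable.
WEAK_PROFILE = SAMPLE_PROFILE.replace("}", "  /var/lib/exampled/uploads/*.cgi ix,\n}")

# Plain file rule: absolute path glob, permission letters, trailing comma.
RULE = re.compile(r"^\s*(/\S*)\s+([rwaxmlkipucPUC]+),\s*$")

def glob_to_regex(glob):
    """Translate '**' (crosses '/'), '*' and '?' (stay in one component)."""
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            parts.append(".*"); i += 2
        elif glob[i] in "*?":
            parts.append("[^/]*" if glob[i] == "*" else "[^/]"); i += 1
        else:
            parts.append(re.escape(glob[i])); i += 1
    return re.compile("".join(parts) + r"\Z")

def parse_rules(profile):
    """Return (compiled path pattern, permission letters) per file rule."""
    found = (RULE.match(line) for line in profile.splitlines())
    return [(glob_to_regex(m.group(1)), m.group(2)) for m in found if m]

def perms_for(rules, path):
    """Union of the permissions of every rule whose glob matches path."""
    return {c for pattern, perms in rules if pattern.match(path) for c in perms}

def write_and_exec(rules, path):
    """True if path may be both modified (w or a) and executed (any x mode)."""
    granted = perms_for(rules, path)
    return bool(granted & {"w", "a"}) and "x" in granted

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_PROFILE), ("weak", WEAK_PROFILE)):
        hit = write_and_exec(parse_rules(text), "/var/lib/exampled/uploads/up.cgi")
        print(name, "profile lets an uploaded file run:", hit)
```

Running the same check over every path a daemon can write to is a quick review step before a profile is shipped in a package.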

Scope

The priority order recommended by the AppArmor project for creating profiles is:

  1. Network daemons (such as sshd, web-servers, and web-applications)
  2. cron jobs
  3. root-privileged programs run in the boot sequence
  4. network-facing user applications such as Firefox, Thunderbird, Gaim, Konqueror, KMail, and Kopete etc

In the first stage I recommend doing 1, 2 and maybe 3. In later stages we even want to create profiles for the software included in 4.

Design

  • Copy as much as possible from Suse and adapt it to Ubuntu.

Implementation

  1. Apply patch to linux-image-*
  2. Build packages for the AppArmor application (proof of concept exists, see below.)
  3. Create profiles for all network agents in main and default installed cron-jobs.
  4. Continue creating profiles for software with lower priority.

Later it may be interesting to port the YAST-GUI to a clean GNOME-GUI; this will need some coding.

Code

Some minor corrections in the scripts are needed.

Data preservation and migration

None

Outstanding issues

BoF agenda and discussion

References


CategorySpec