Chrome sandboxing method, for other applications? - Page 2

Hungry Man · #26 July 9th, 2012, 10:22 PM

@ m00n,

Apparmor does work by pathname, that's correct. SELinux does not though.

Quote:

Microsofts own 64-bit kernel protection seems to hold off some bad software but at the same time "preventing" good software like sandboxie or full blown av products to do their job well. Hence the "64-bit experimental mode" inside sandboxie to somehow work with 64bit kernel of windows.

Anyway, I'm going on a limb here, please forgive me for saying this but:
It almost seems if Microsoft doesn't want software like shadow defender or returnil or deep freeze to work, so that AV/anti-malware companies stay in business !

They likely don't. Linux allows for multiple different LSMs through the kernel but this actually opens up a hole for attack. The only way around this is to choose only a single LSM and have it be the only one allowed to work. Taht would mean all distros would have to use AppArmor or SELinux or whatever other one.

Microsoft decided they don't want to give that choice to the users so they created their own security model, MIAC, and they're enforcing only that.

#27 July 9th, 2012, 10:42 PM

Opens up a hole for attack how? I was under the impression that LSMs could only be changed or disabled on boot. And is this something purely theoretical, or has it been exploited in practice?

Hungry Man · #28 July 9th, 2012, 11:55 PM

Quote:

Because LSM is compiled and enabled in the kernel, its symbols are exported. Thus, every rootkit and backdoor writer will have every hook he ever wanted in the kernel. This will allow for a new generation of sophisticated backdoors and rootkits that will be nearly impossible to detect.

-httxs://grsecurity.net/lsm.php-

https://www.linux.com/learn/linux-tr...dule-what-isnt

m00nbl00d · #29 July 10th, 2012, 07:57 AM

Quote:

Originally Posted by Hungry Man

@ m00n,

Apparmor does work by pathname, that's correct. SELinux does not though.[...]

Yep. I'd pick SELinux if I were using Linux. I prefer its method of protection over AppArmor.

Hungry Man · #30 July 10th, 2012, 11:30 AM

You say that now =p but when you see a SELinux profile you'll change your mind.

m00nbl00d · #31 July 10th, 2012, 11:40 AM

Quote:

Originally Posted by Hungry Man

You say that now =p but when you see a SELinux profile you'll change your mind.

No pain, no gain.

Hungry Man · #32 July 10th, 2012, 03:28 PM

True. I would rather just use SELinux but it's a huge amount of pain for not a ton of gain =p

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search