Hello,

I am running Testing/Sid amd64 with Multi-Arch enabled (i.e. Acrobat Reader and Skype from i386) on a single-user machine, and here's what I want to achieve:

- Programs that process data 'from the internet' are only allowed to access the files they strictly need to access, plus $HOME/Desktop (to share files with other such processes etc.)
- The same restrictions apply to children of these processes.
- All other processes are allowed to do whatever their standard Unix permissions allow them to do.

In the past, I achieved this via AppArmor and custom profiles for Pidgin, Opera, Iceweasel and Skype [1,2]. However, I just noticed that there don't appear to be AppArmor profiles around for Kernel 3.3 or 3.4, and, aside from that, only Ubuntu appears to use it, while SELinux is much more common. A bit more reading in the Debian Handbook then illustrated that SELinux is apparently more powerful but also more complex than AppArmor.

My question is: would it make sense to deploy SELinux on my system to achieve the tasks mentioned above? I know that security cannot be absolute, but I would feel much more comfortable if an exploit in the MSN handler of Pidgin or a plugin gone wild in Opera wouldn't make my private SSH keys accessible to the world :-)

Best regards & many thanks,
Claudius

[1] Not Claws Mail because it needs to read my mail anyway, and there's little that needs more protection on my computer than my mail.
[2] Writing these profiles was relatively straightforward, especially since I didn't care about stuff outside of /home and /tmp.

-- 
Never trust a child farther than you can throw it.
http://chubig.net telnet nightfall.org 4242
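An added example, not part of Claudius's post and not a profile shipped by Debian or the AppArmor project, of the kind of per-program profile footnote [2] describes: it confines Pidgin to the files it needs plus $HOME/Desktop, explicitly denies the SSH and GnuPG directories so an exploited plugin cannot read them, and makes helper programs it launches inherit the same confinement (the second requirement in the post). The binary path, the library and data paths, the ~/.purple state directory and the profile name are assumptions about a typical Debian install; the abstraction names are the stock ones under /etc/apparmor.d/abstractions.

```apparmor
# Assumed location: /etc/apparmor.d/usr.bin.pidgin (example profile, not a stock one)
#include <tunables/global>

/usr/bin/pidgin {
  # stock abstractions: libc, DNS/nsswitch, toolkit files, sound devices
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/gnome>
  #include <abstractions/audio>

  # the program itself, its plugins and its data (paths assumed for Debian)
  /usr/bin/pidgin mr,
  /usr/lib/pidgin/** mr,
  /usr/lib/purple-2/** mr,
  /usr/share/pidgin/** r,
  /usr/share/purple/** r,

  # per-user state the program genuinely needs; "owner" restricts it to
  # files owned by the invoking user
  owner @{HOME}/.purple/ rw,
  owner @{HOME}/.purple/** rwk,

  # the shared hand-off directory from requirement 1
  owner @{HOME}/Desktop/ r,
  owner @{HOME}/Desktop/** rw,

  # scratch space
  owner /tmp/** rw,

  # explicit, logged denials for secrets: deny rules win over any allow rule
  # above, so these stay unreadable however the rest of the profile is tuned
  audit deny @{HOME}/.ssh/** rwklx,
  audit deny @{HOME}/.gnupg/** rwklx,

  # helpers the program may execute run under THIS profile (ix = inherit),
  # which is what keeps child processes under the same restrictions
  /usr/bin/xdg-open ix,
  /bin/sh ix,
}
```

Saved as /etc/apparmor.d/usr.bin.pidgin and loaded with `apparmor_parser -r /etc/apparmor.d/usr.bin.pidgin`, the profile takes effect for the next start of Pidgin, and `aa-status` lists it. The usual way to shake out missing rules is to start in complain mode (`aa-complain /usr/bin/pidgin`), use the program normally, read the `apparmor="ALLOWED"` and `apparmor="DENIED"` lines in /var/log/kern.log (or the audit log when auditd is running), add the accesses that are legitimate, and switch to `aa-enforce /usr/bin/pidgin` once the log is quiet. Because the `audit deny` lines take precedence over allow rules, a too-generous glob added during that tuning still cannot expose ~/.ssh or ~/.gnupg.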