... | ... | @@ -957,3 +957,21 @@ access when required, either via policy or trusted helpers. |
|
|
### [Confused Deputy Problem](https://en.wikipedia.org/wiki/Confused_deputy_problem)
|
|
|
The [confused deputy problem](https://en.wikipedia.org/wiki/Confused_deputy_problem) is a type of privilege escalation where an application with more privilege is tricked by an application into doing some for it that it does not have the authority to do. Delegation can help reduce/remove the confused deputy problem by giving an application the minimum privelege to do what it needs removing the need for applications to interacte with application that have more privilege than is required.
|
|
|
|
|
|
### Revalidation
|
|
|
|
|
|
Revalidation is when apparmor re-checks the validity of access to an opened object. A failed revalidation can result in access to the object being [revoked](???). Revocation generally occurs in just a few circumstance
|
|
|
* task is executing another task into a new domain (profile). Every open file descriptor object is revalidated. If revalidation fails the file descriptor is duped to a special null file. This maintains the file descriptor table positions, failures caused by new open() calls being assigned to previously assigned fds.
|
|
|
* profile is replaced/removed - the new profile is checked if it allows access to the object. Failure will generally result in the return of EACCES, with the fd remaining assigned to the object. This can result in additional revalidations in the future, if the failure is not cached.
|
|
|
* cached access check failure - if checking the cache for permission to access to the object fails, the object access will be revalidated.
|
|
|
|
|
|
### Revocation
|
|
|
|
|
|
Revocation occurs when an access to an opened object is removed (revoked).
|
|
|
|
|
|
Don't close open fds
|
|
|
|
|
|
special null
|
|
|
|
|
|
Return error
|
|
|
|
|
|
Note: due to some limits in the kernel full revocation is not always possible, and access to some objects may persist. |
|
|
\ No newline at end of file |
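Review bot: the `[revoked](???)` link in the Revalidation paragraph is an unresolved placeholder and will render as a broken link; since this same hunk adds a `### Revocation` heading, point it at that anchor instead, e.g. `[revoked](#revocation)`. The Confused Deputy paragraph also needs a proofread before merge: "into doing some for it" is missing a word ("something"), "privelege" and "interacte" are misspelled, "application that have more privilege" should be "applications that have more privilege", and "in just a few circumstance" in the Revalidation paragraph should be "circumstances". In the first Revalidation bullet, "failures caused by new open() calls being assigned to previously assigned fds" has no verb; suggest "and prevents failures that would occur if new open() calls were assigned previously used fd numbers". Finally, the three bare lines under Revocation ("Don't close open fds", "special null", "Return error") read as unfinished notes; they match the three behaviours already described in the Revalidation bullets (fd kept open, fd duped to the special null file, EACCES returned), so either turn them into a bullet list that states which behaviour applies in which case, or leave them out until that text is written.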