Security in the 20-teens - Default security policies

Posted Feb 2, 2010 14:18 UTC (Tue) by eparis123 (guest, #59739)
In reply to: Security in the 20-teens by dlang
Parent article: Security in the 20-teens

Every time you try to create such 'obvious' rules you will break something for someone.

I completely agree.

Around a month ago, I was very late on a college project that involved loading binary files into a MySQL database. Using Ubuntu, the queries always filled NULL in the binary file columns, without any visible error messages.

After around 40 minutes of Googling, I found that the reason was an AppArmor policy enabled by default in Ubuntu. I even found it in the very last comment of a MySQL bugzilla entry.

Needless to say, I was very frustrated that I spent all that time on this trivial matter while having very limited time until the deadline. I guess this is a pet example of users' frustration with security; Casey Schaufler (author of SMACK) had a great quote about this in one of the previous weekly editions' kernel quotes page.


Quote candidate

Posted Feb 3, 2010 21:09 UTC (Wed) by man_ls (subscriber, #15091)

Maybe this one? I don't see how it relates to AppArmor though.

Quote candidate

Posted Feb 4, 2010 19:12 UTC (Thu) by eparis123 (guest, #59739)

Yes, this was the one I meant. The relation I find is that an application developer (me, innocently working on a MySQL program) got bitten heavily at the worst of times.

Maybe I did not understand the quote's context very well either.

Accurate quote

Posted Feb 4, 2010 21:11 UTC (Thu) by man_ls (subscriber, #15091)

He said: "Application developers have historically been intolerant of systems that change their security policy on the fly." It was me who was missing some context; in fact it was some silly grammar mistake on my part. I thought "their" referred to "systems", not to "application developers", and didn't see how AppArmor changes its own security policy on the fly. It doesn't; it changes application developers' security policy. And yes, it is annoying when that happens.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds