Jason Ayala:
> Really? :/
>> I was being purposely provocative, hoping you'd contradict me :)
> I've been doing my best to find answers, but it's not going well.
>> I take back "poorly developed". Development is active and ongoing.
>>> For poorly understood and underpowered, take a look at:
> http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html
Yes, that sounds pretty devastating. However, in the comments section
there is a link to a bug report and the related bugs are all marked as
fixed. We could contact the author and ask what he now thinks about
AppArmor.
> I dare you to find anyone working on and sharing profiles...
>> Apparmor apparently used to have a repo but shut it down (no
> explanation) http://wiki.apparmor.net/index.php/Profile_repo
>> Ubuntu has a repo for the profiles they include with the OS (with
> various levels of quality. Half are off by default)
> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
>> http://bazaar.launchpad.net/~apparmor-dev/apparmor-profiles/master/files/head:/ubuntu/13.10/
>>> Those two are not mutually exclusive. Together with compiler
>> hardening, they're all useful.
> ...
>> Is it really that bad?
>> Ok fine. You're right. If someone wants to work on apparmor
> profiles, why not?
Yes.
> Hell, I'm a bit interested in it too. But I'm discouraged by what I
> see so far... Browsing through several profiles, there's a
> surprising amount of "WTF does this do?" comments.
Yes, it's not perfect due to lack of interest from kernel devs and
generally few people working on such things. grsecurity is no
alternative, unfortunately:
https://whonix.org/wiki/Advanced_Security_Guide#About_grsecurity
The main work has to be done by the underlying operating system and
much too few people are working on Whonix. There are distributions
focusing on usability (and a bit security) - Ubuntu, distributions
focusing on usability and pretty looks - Mint, but none focusing on
security while providing better security than Debian. At least not
that I know of.
Only alternatives would be Fedora+selinux which Qubes OS is based on.
Switching to Qubes OS would be another unrelated security enhancement.
The full story is here:
https://whonix.org/wiki/Dev/Operating_System
> And I'm discouraged by the fact that there's no working tor browser
> profile nor user developed profiles being shared. I just wouldn't
> put my hopes in it.
AppArmor needs someone dedicated and having fun to work on this, while
this work may not be the most prestigious and rewarding work.
>> (For example, it would NOT have prevented the FH js exploit).
>> Though I don't pretend to understand concepts surrounding injecting
> machine code into memory via an exploit... (Did the injected code
> run under the firefox process? What was the nature of the crash of
> firefox that it induced? Was it a buffer overflow?)
I don't know. We could ask @vlad902.
> The article above explains that apparmor poorly defends against
> arbitrary code execution.
It is my understanding that AppArmor doesn't try to prevent that.
Other techniques do (compiler hardening flags). AppArmor confines the
process once it has been taken over. Yes, and fails once a kernel
vulnerability has been found as well.