[Whonix-devel] AppArmor

adrelanos adrelanos at riseup.net
Sat Aug 10 00:50:41 CEST 2013

Jason Ayala:
> Really? :/
> I was being purposely provocative, hoping you'd contradict me :)
> I've been doing my best to find answers, but it's not going well.
> I take back "poorly developed". Development is active and ongoing.
> For poorly understood and underpowered, take a look at: 
> http://blog.azimuthsecurity.com/2012/09/poking-holes-in-apparmor-profiles.html

That sounds pretty devastating. However, in the comments section
there is a link to a bug report and the related bugs are all marked as
fixed. We could contact the author and ask what he now thinks about

> I dare you to find anyone working on and sharing profiles...
> Apparmor apparently used to have a repo but shut it down (no
> explanation) http://wiki.apparmor.net/index.php/Profile_repo
> Ubuntu has a repo for the profiles they include with the OS (with
> various levels of quality. Half are off by default) 
> https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles
>> Those two are not mutually exclusive. Together with compiler
>> hardening, they're all useful.
> ...
>> Is it really that bad?
> Ok fine. You're right. If someone wants to work on apparmor
> profiles, why not?


> Hell, I'm a bit interested in it too. But I'm discouraged by what I
> see so far... Browsing through several profiles, there's a
> surprising amount of "WTF does this do?" comments.

Yes, it's not perfect due to lack of interest from kernel devs and
generally few people working on such things. grsecurity is no
alternative, unfortunately:

The main work has to be done by the underlying operating system and
much too few people are working on Whonix. There are distributions
focusing on usability (and a bit security) - Ubuntu, distributions
focusing on usability and pretty looks - Mint, but none focusing on
security while providing better security than Debian. At least not
that I know of.

Only alternatives would be Fedora+selinux which Qubes OS is based on.
Switching to Qubes OS would be another unrelated security enhancement.

The full story is here:

> And I'm discouraged by the fact that there's no working tor browser
> profile nor user developed profiles being shared. I just wouldn't 
> put my hopes in it.

AppArmor needs someone dedicated and having fun to work on this, while
this work may not be the most prestigious and rewarding work.

>> (For example, it would NOT have prevented the FH js exploit).
> Though I don't pretend to understand concepts surrounding injecting
> machine code into memory via an exploit... (Did the injected code
> run under the firefox process? What was the nature of the crash of
> firefox that it induced? Was it a buffer overflow?)

I don't know. We could ask @vlad902.

> The article above explains that apparmor poorly defends against
> arbitrary code execution.

It is my understanding that AppArmor doesn't try to prevent that.
Other techniques do (compiler hardening flags). AppArmor confines the
process once it has been taken over. Yes, and fails once a kernel
vulnerability has been found as well.

