Saturday, September 29, 2012

Securing Google Chrome in Ubuntu 12.04 with AppArmor and Seccomp

Yesterday I posted some custom Firefox AppArmor profiles for Ubuntu 12.04. Today I will show you how to get the most protection for Google Chrome on Ubuntu 12.04.

Thursday, September 27, 2012

Custom Firefox AppArmor Profile For Ubuntu 12.04

In my last post I described what a MAC is and why you should take advantage of the LSM included in the Linux kernel.  Today I want to share an AppArmor profile for a few popular applications in Ubuntu 12.04 which should increase the security of those applications rather dramatically.

Tuesday, September 25, 2012

AppArmor, MAC, and Why You Should Care

The traditional Linux security model is derived from Unix.  This model is known as Discretionary Access Control (DAC).  In this model file access is specified by the owner (or group) permissions of the file.  This is the traditional UGO (user-group-other) model most of us are familiar with on Unix like systems. Essentially, this means "Bob" is free to modify any files he owns.  If he doesn't own the file, then someone else (a different user or the system admin) determines what access (if any) he has by setting the r-w-x bit.  If the file is owned by Bob, he can change the r-w-x bits as he sees fit.  And of course, the root user (superuser) can change the ownership of any file as well as set the rwx bits as he/she sees fit.

Monday, September 24, 2012


I think I will start this blog up again.  I will keep the focus on computer security issues, crypto, exploit mitigation, etc.  I have a few posts in mind to get back into things.