25
Profiling Your Web
Applications Using ChangeHat
A Novell® AppArmor profile represents the security policy for an individual program
instance or process. It applies to an executable program, but if a portion of the program
needs different access permissions than other portions, the program can “change hats”
to use a different security context, distinctive from the access of the main program.
This is known as a hat or subprofile.
ChangeHat enables programs to change to or from a hat within a Novell AppArmor
profile. It enables you to define security at a finer level than the process. This feature
requires that each application be made “ChangeHat aware” meaning that it is modified
to make a request to the Novell AppArmor module to switch security domains at arbitrary
times during the application execution. Two examples for ChangeHat-aware applications
are the Apache Web server and Tomcat.
A profile can have an arbitrary number of subprofiles, but there are only two levels: a
subprofile cannot have further sub-subprofiles. A subprofile is written as a separate
profile and named as the containing profile followed by the subprofile name, separated
by a
^
. Subprofiles must be stored in the same file as the parent profile.
Note that the security of hats is considerably weaker than that of full profiles. That is
to say, if an attacker can find just the right kind of bug in a program, they may be able
to escape from a hat into the containing profile. This is because the security of hats is
determined by a secret key handled by the containing process, and the code running in
the hat must not have access to the key. Thus change_hat is most useful in conjunction
with application servers, where a language interpreter (such as PERL, PHP, or Java) is
isolating pieces of code such that they do not have direct access to the memory of the
containing process.
Profiling Your Web Applications Using ChangeHat
315
Summary of Contents for LINUX ENTERPRISE DESKTOP 11
Page 1: ...SUSE Linux Enterprise Server www novell com 11 March 17 2009 Security Guide...
Page 9: ...32 7 Managing Audit Event Records Using Keys 433 33 Useful Resources 435...
Page 10: ......
Page 29: ...Part I Authentication...
Page 30: ......
Page 55: ...Figure 4 2 YaST LDAP Server Configuration LDAP A Directory Service 41...
Page 126: ......
Page 127: ...Part II Local Security...
Page 128: ......
Page 158: ......
Page 173: ...Part III Network Security...
Page 174: ......
Page 194: ......
Page 197: ...Figure 16 2 Scenario 2 Figure 16 3 Scenario 3 Configuring VPN Server 183...
Page 210: ......
Page 228: ......
Page 229: ...Part IV Confining Privileges with Novell AppArmor...
Page 230: ......
Page 274: ......
Page 300: ......
Page 328: ......
Page 340: ......
Page 342: ......
Page 386: ......
Page 387: ...Part V The Linux Audit Framework...
Page 388: ......