ApacheAppArmorSpec

Summary

AppArmor contains an Apache 2 module, mod_apparmor, that can "change hats" when running certain scripts. This lets us protect certain web applications from security issues by writing AppArmor profiles for them. This spec covers enabling AppArmor module integration by default in the Apache 2 packages, creating a default non-restrictive Apache 2 profile, and defining a directory layout scheme that lets web applications easily bundle AppArmor profiles.

Release Note

Apache 2 now contains AppArmor integration. The libapache2-mod-apparmor package is now a dependency, and mod_apparmor is enabled by default with a non-restrictive profile. Web applications can be protected with AppArmor profiles by using an "AAHatName" configuration option and by placing an AppArmor profile in the appropriate directory.

Rationale

Web applications written in scripting languages such as PHP and Perl are targeted by hackers because they can easily contain software vulnerabilities that lead to system compromise.

Because these applications are executed by an Apache module, they run in the Apache process space. The mod_apparmor module lets us set a specific profile for each web application, and that profile can be installed by the application's packages.

Confining a web application with an AppArmor profile will limit what an attacker will be able to do once an application is compromised.
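
An added example (not part of this spec or of the Apache or AppArmor packages): a Python check that every hat named by an AAHatName directive is actually defined as a hat in the Apache profile, since a directive naming an undefined hat does not apply the application-specific confinement. The configuration text, profile text, paths and hat names are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: Apache 2 configuration that assigns hats with the
# mod_apparmor AAHatName directive. Paths and hat names are hypothetical.
APACHE_CONF = """
<Directory /var/www/wiki>
    AAHatName wiki
</Directory>
<Location /webmail>
    AAHatName "webmail"
</Location>
"""

# Constructed sample: an Apache profile that defines hats as "^name { ... }".
APPARMOR_PROFILE = """
/usr/lib/apache2/mpm-prefork/apache2 {
  #include <abstractions/base>
  ^DEFAULT_URI {
    /var/www/** r,
  }
  ^wiki {
    #include <abstractions/base>
    /var/www/wiki/** r,
    /var/lib/wiki/data/** rw,
  }
}
"""

# Directive names are case-insensitive in Apache; commented lines do not match.
HAT_DIRECTIVE = re.compile(r"^\s*AAHatName\s+(\S+)", re.MULTILINE | re.IGNORECASE)
# A hat is introduced by "^name {" or "hat name {", optionally with flags=(...).
HAT_BLOCK = re.compile(r"^\s*(?:\^|hat\s+)([^\s{]+)\s*(?:flags=\([^)]*\)\s*)?\{", re.MULTILINE)

def configured_hats(conf):
    """Hat names requested by AAHatName directives in the Apache config."""
    return {name.strip('"') for name in HAT_DIRECTIVE.findall(conf)}

def defined_hats(profile):
    """Hat names defined inside the AppArmor profile text."""
    return set(HAT_BLOCK.findall(profile))

def missing_hats(conf, profile):
    """Hats the web server is told to use but the profile never defines."""
    return sorted(configured_hats(conf) - defined_hats(profile))

if __name__ == "__main__":
    for hat in missing_hats(APACHE_CONF, APPARMOR_PROFILE):
        print(f"AAHatName {hat}: no matching hat in the Apache profile")
```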

Design

To be determined.

Implementation

To be determined.

Test/Demo Plan

To be determined.

Unresolved issues

To be determined.



SecurityTeam/Specifications/Karmic/ApacheAppArmorSpec (last edited 2009-11-25 19:01:50 by c-76-105-168-175)