On Tue, 2021-11-30 at 11:06 -0500, Stefan Berger wrote:
> Move measurement list related variables into the ima_namespace. This
> way a front-end like SecurityFS can show the measurement list inside
> an IMA namespace.
>
> Implement ima_free_measurements() to free a list of measurements
> and call it when an IMA namespace is deleted.

This one worries me quite a lot. What seems to be happening in this
code:

> @@ -107,7 +100,7 @@ static int ima_add_digest_entry(struct ima_namespace *ns,
>  	qe->entry = entry;
>  
>  	INIT_LIST_HEAD(&qe->later);
> -	list_add_tail_rcu(&qe->later, &ima_measurements);
> +	list_add_tail_rcu(&qe->later, &ns->ima_measurements);
>  
>  	atomic_long_inc(&ns->ima_htable.len);
>  	if (update_htable) {

is that we now only add the measurements to the namespace list, but
that list is freed when the namespace dies. However, the measurement
is still extended through the PCRs, meaning we have incomplete
information for a replay after the namespace dies?

I tend to think the way this should work is that until we have a way of
attesting inside the namespace, all measurements should go into the
physical log, so that replay is always complete for the PCRs, so
effectively the visible log of the namespace would always have to be a
subset of the physical log.

James
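Review bot: in the ima_add_digest_entry() hunk the queue entry is now linked only into ns->ima_measurements through qe->later, and the commit message says that list is freed by ima_free_measurements() when the namespace is deleted, while the measurement is still extended into the PCR; after teardown no list on the system holds an entry that the PCR value still depends on, so the host log can no longer replay the PCR. Since qe->later is the one list_head in the entry and a node can be on a single list at a time, keeping the physical log complete needs either a second list_head (or a separate queue entry) so the measurement is also queued on the init namespace's list, or the free skipped for entries that were extended into a PCR; whichever is chosen, the commit message should state how PCR replay stays possible once a namespace's list is gone.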
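To make the replay concern concrete, the following is an added example written for this page; it is not code from the patch series or from the reply above. It simulates a single SHA-256 PCR bank, uses a simplified stand-in for the IMA template hash (a hash over the file digest and path, not the real ima-ng template), and uses constructed, hypothetical events: some measured by the init namespace and some by a child namespace, all extended into the same PCR. It then replays two logs against the quoted PCR value: the full physical log, and the log that remains once the child namespace's list has been freed.

```python
import hashlib

# A PCR starts at all zeros; this models one SHA-256 bank.
PCR_INIT = bytes(32)

# Constructed sample events (hypothetical paths and digests), in the
# order they were extended into the PCR. "ns" records which IMA
# namespace measured the file.
EVENTS = [
    {"ns": "init", "path": "/sbin/init", "digest": "11" * 32},
    {"ns": "init", "path": "/usr/bin/bash", "digest": "22" * 32},
    {"ns": "child", "path": "/app/server", "digest": "33" * 32},
    {"ns": "child", "path": "/app/libfoo.so", "digest": "44" * 32},
    {"ns": "init", "path": "/usr/bin/ssh", "digest": "55" * 32},
]


def template_hash(event):
    # Simplified stand-in for the IMA template hash (assumption): the
    # value extended into the PCR is a hash over the file digest and path.
    data = bytes.fromhex(event["digest"]) + event["path"].encode()
    return hashlib.sha256(data).digest()


def extend(pcr, digest):
    # TPM extend: new PCR = H(old PCR || digest). Order matters and no
    # entry can be skipped, which is what makes a log "replayable".
    return hashlib.sha256(pcr + digest).digest()


def pcr_value(events):
    # Fold every event into the PCR, exactly as the TPM would have.
    pcr = PCR_INIT
    for event in events:
        pcr = extend(pcr, template_hash(event))
    return pcr


def replay_ok(log, quoted_pcr):
    # A verifier recomputes the PCR from the log it was given and
    # compares it to the value the TPM quoted.
    return pcr_value(log) == quoted_pcr


def drop_namespace(log, ns):
    # Model ima_free_measurements() on namespace teardown: the entries
    # queued only on that namespace's list disappear from every log.
    return [event for event in log if event["ns"] != ns]


def demo():
    quoted = pcr_value(EVENTS)          # what the TPM would quote
    physical_log = list(EVENTS)         # log holding every extended entry
    after_teardown = drop_namespace(EVENTS, "child")
    return {
        "physical_log_replays": replay_ok(physical_log, quoted),
        "after_namespace_freed_replays": replay_ok(after_teardown, quoted),
        "entries_lost": len(physical_log) - len(after_teardown),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The physical log, which is a superset of every namespace's visible log, replays to the quoted value; the log left after the child namespace is freed does not, because two digests that the PCR chain depends on are gone. The same check fails if the entries are merely reordered, so any per-namespace view also has to preserve the extension order of the physical log.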