Re: [PATCH v2 00/15] ima: digest list feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 9, 2017 at 11:13 AM, Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote:
> On 11/9/2017 3:47 PM, Matthew Garrett wrote:
>> There's no need to have a policy that measures those files, because
>> they're part of the already-measured initramfs. Just set the IMA
>> policy after you've loaded the digest list.
>
>
> The default IMA policy measures files accessed from the initial ram
> disk. It is easier to verify individual files, rather than the whole
> image.

That's a matter of implementation. You're not forced to use the default policy.

>> This seems very over-complicated, and it's unclear why the kernel
>> needs to open the file itself. You *know* that all of userland is
>
>
> You can have a look at ima_fs.c. If appraisal is in enforcing mode,
> direct upload of a policy is not permitted. The kernel reads the policy,
> calculates the digest, and verifies the signature.

Is there an expectation that you'll load additional digest lists at runtime?

>> trustworthy at this point even in the absence of signatures. It seem >
>> reasonable to provide a interface that allows userland to pass a
>> digest list to the kernel, in the same way that userland can pass an
>> IMA policy to the kernel. You can then restrict access to that
>> interface via an LSM.
>
>
> Then digest lists cannot be used alone, without an LSM. Also, verifiers
> have to check the LSM policy to ensure that only the parser was able to
> upload the digest lists.

Only if you want to add additional digest lists at runtime, but yes,
you really want to be verifying the LSM policy in any case.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux