On Mon, Apr 16, 2018 at 1:16 PM Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> On Mon, 2018-04-16 at 18:32 +0000, Matthew Garrett wrote:
> > Runtime. I'll look into the post-init stuff, but given that this doesn't
> > change the current security position do you think it's a blocker?
>
> I would probably make the existing evm_config_xattrnames a const and
> create a link list. As new xattrs are defined, append them to the
> tail.

Ok, that's definitely an option. But thinking about it some more - if an
attacker has arbitrary memory overwrite of writable pages, wouldn't it be
easier for them to just overwrite the policy and disable appraisal?

> Is there a reason for adding one additional xattrs one at a time, as
> opposed to parsing a string?

Mostly to avoid introducing more string parsing into the kernel.

> Is it better to define a securityfs file, rather than a boot command
> line argument? With a boot command line argument, the list of xattrs
> could be defined as __ro_after_init.

I could go either way on this - I think that doing it on the command line
would satisfy all my use cases.
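The two design points in the exchange above (a const default table with runtime additions appended to the tail of a list, and accepting one xattr name per write instead of parsing a string) are easier to reason about in code. The block below is an added userspace model written for this page; it is not the kernel's EVM code and not Matthew Garrett's patch. The default names are an assumed set modelled on evm_config_xattrnames, and the rule that a registered name must carry the "security." prefix, contain no whitespace and not exceed 255 bytes is an assumed validation policy for the model. As the thread notes, in a real kernel the appended nodes would sit in writable memory unless the list is populated from the boot command line and marked __ro_after_init.

```c
/* Added userspace model of EVM's protected-xattr list: a const default table
 * plus a tail-appended list of names registered one at a time. Not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XATTR_NAME_MAX 255
#define SECURITY_PREFIX "security."

/* Assumed default set, modelled on evm_config_xattrnames. Kept const, as
 * suggested in the thread, so only runtime additions live in writable memory. */
static const char *const default_xattrs[] = {
	"security.selinux",
	"security.SMACK64",
	"security.ima",
	"security.capability",
};

/* Runtime additions: singly linked, appended at the tail, never reordered. */
struct xattr_node {
	char *name;
	struct xattr_node *next;
};
static struct xattr_node *extra_head, *extra_tail;

/* Lookup used on the appraisal path: defaults first, then runtime additions. */
int evm_xattr_is_protected(const char *name)
{
	size_t i;
	const struct xattr_node *n;

	for (i = 0; i < sizeof(default_xattrs) / sizeof(default_xattrs[0]); i++)
		if (strcmp(default_xattrs[i], name) == 0)
			return 1;
	for (n = extra_head; n; n = n->next)
		if (strcmp(n->name, name) == 0)
			return 1;
	return 0;
}

/* Register exactly one xattr name, as a single write to a securityfs file or a
 * single boot parameter would supply it. An optional trailing newline is
 * stripped; nothing else is parsed. Returns 0 on success, -EINVAL for a
 * malformed name (assumed policy: "security." prefix, no whitespace or control
 * bytes, at most XATTR_NAME_MAX bytes), -EEXIST for a duplicate, -ENOMEM. */
int evm_register_xattr(const char *buf)
{
	size_t len = strlen(buf), i;
	size_t plen = strlen(SECURITY_PREFIX);
	char *copy;
	struct xattr_node *n;

	if (len && buf[len - 1] == '\n')
		len--;
	if (len <= plen || len > XATTR_NAME_MAX)
		return -EINVAL;
	if (strncmp(buf, SECURITY_PREFIX, plen) != 0)
		return -EINVAL;
	for (i = 0; i < len; i++)
		if ((unsigned char)buf[i] <= ' ' || buf[i] == 0x7f)
			return -EINVAL;

	copy = malloc(len + 1);
	if (!copy)
		return -ENOMEM;
	memcpy(copy, buf, len);
	copy[len] = '\0';

	if (evm_xattr_is_protected(copy)) {
		free(copy);
		return -EEXIST;
	}
	n = malloc(sizeof(*n));
	if (!n) {
		free(copy);
		return -ENOMEM;
	}
	n->name = copy;
	n->next = NULL;
	if (extra_tail)
		extra_tail->next = n;
	else
		extra_head = n;
	extra_tail = n;
	return 0;
}

int main(void)
{
	/* Constructed inputs: one valid addition, one duplicate, one rejected. */
	printf("security.apparmor: %d\n", evm_register_xattr("security.apparmor\n"));
	printf("security.ima (dup): %d\n", evm_register_xattr("security.ima"));
	printf("user.foo: %d\n", evm_register_xattr("user.foo"));
	printf("protected(security.apparmor) = %d\n",
	       evm_xattr_is_protected("security.apparmor"));
	return 0;
}
```

Because each call takes one name and only trims a trailing newline, the whole "parser" is a handful of byte checks, which is the trade-off behind avoiding a delimited-string format in the kernel.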