On Thu, Jul 05, 2018 at 11:16:38AM -0400, Mimi Zohar wrote: > [CC'ing Dave Chinner, Ted Tso] > > Hi Rishi, > > On Thu, 2018-07-05 at 16:08 +0530, rishi gupta wrote: > > Hi Dmitry and security team members, > > > > I am willing to take directory protection ima patch in a commercial > > product, but observed that it has not been mainlined. Is there any reason > > for not mainlining it. Are there any better options for protecting > > directory using IMA/EVM or some other security schemes. > > > > https://lwn.net/Articles/512364/ > > https://kernel.googlesource.com/pub/scm/linux/kernel/git/kasatkin/linux-digsig/+/ima-dir-experimental/security/integrity/ima/ima_dir.c > > The main purpose of the IMA-directory patch set is to protect file > names from offline attack. Dmitry's patch set protects file names at > the immediate directory level, but does not extend up to the root > directory. I brought up the topic of protecting file names at > LSF/MM[1]. Others in the community are aware of the problem and need > to be involved in the discussions as to how to address it. Probably best to take any discussion to the -fsdevel list. Verifying directories are unchanged doesn't guarantee that access to individual files is unchanged, though. Hardlinks can be made from outside the verified directory and symlinks can cross filesystem boundaries from outside verified filesystems... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
