Re: Allow FUSE filesystems to provide out-of-band hashes to IMA

On Fri, Oct 5, 2018 at 11:18 AM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> Right, the correct behavior should be not to trust FUSE filesystems,
> but since we don't break userspace there is the
> "ima_policy=fail_securely" boot command line option.

There seem to be two scenarios:

1) You trust FUSE mounts, perhaps because you have some other policy
in place to ensure that only trusted binaries can mount stuff. In this
scenario you already trust that the filesystem will give you
consistent results when you read data from it - it seems reasonable to
also trust it to give you back an accurate hash if you ask for one.
2) You don't trust FUSE mounts, in which case you pass
ima_policy=fail_securely. This patch doesn't change that behaviour.

I agree that using FUSE in general is incompatible with IMA's goals,
but it's possible to configure systems where you can ensure that only
trustworthy code is involved. In that scenario this patch improves
performance without compromising security.
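
A host-side check for which of the two scenarios above applies, as an added example that is not part of the original message or the patch: it looks for fail_securely in any ima_policy= boot argument and lists mounted FUSE filesystems. The function names are hypothetical, and the sample command lines and mount entries are constructed.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the kernel or the patch.

# Exit 0 if any ima_policy= boot argument lists fail_securely.
# The option takes a '|'-separated list and may appear more than once.
has_fail_securely() {
    awk '{
        for (i = 1; i <= NF; i++) {
            arg = $i; gsub(/"/, "", arg)
            if (arg !~ /^ima_policy=/) continue
            sub(/^ima_policy=/, "", arg)
            n = split(arg, rule, "[|]")
            for (j = 1; j <= n; j++) if (rule[j] == "fail_securely") found = 1
        }
    } END { exit(found ? 0 : 1) }' "${1:-/proc/cmdline}"
}

# Print "mountpoint fstype" for each FUSE mount (fuse, fuseblk, fuse.<subtype>).
# fusectl is the control filesystem, not a FUSE-backed mount, so it is skipped.
list_fuse_mounts() {
    awk '$3 == "fuse" || $3 == "fuseblk" || $3 ~ /^fuse\./ { print $2, $3 }' \
        "${1:-/proc/mounts}"
}

# Classify the host into the scenarios from the message above.
ima_fuse_scenario() {
    if has_fail_securely "$1"; then
        echo "scenario-2: fail_securely set, FUSE not trusted"
    elif [ -n "$(list_fuse_mounts "$2")" ]; then
        echo "scenario-1: fail_securely not set, FUSE mounts present"
    else
        echo "no-fuse: fail_securely not set, no FUSE mounts"
    fi
}

# Constructed sample inputs (not captured from a real host).
demo() {
    d=$(mktemp -d) || return 1
    echo 'BOOT_IMAGE=/vmlinuz ro ima_policy=tcb|appraise_tcb|fail_securely' > "$d/cmd_a"
    echo 'BOOT_IMAGE=/vmlinuz ro ima_policy=tcb' > "$d/cmd_b"
    printf '%s\n' 'fusectl /sys/fs/fuse/connections fusectl rw 0 0' \
        'sshfs#host: /mnt/remote fuse.sshfs rw,nosuid,nodev 0 0' > "$d/mounts"
    ima_fuse_scenario "$d/cmd_a" "$d/mounts"
    ima_fuse_scenario "$d/cmd_b" "$d/mounts"
    rm -rf "$d"
}
demo
```

Called with no arguments, `ima_fuse_scenario` reads /proc/cmdline and /proc/mounts on the running host.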


