Re: [PATCH V2 3/4] IMA: Optionally make use of filesystem-provided hashes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 4, 2019 at 12:32 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Mon, 2019-03-04 at 11:52 -0800, Matthew Garrett wrote:
> > To be clear, I'm entirely happy to make this change - I'd just like to
> > ensure that I do it the right way!
>
> Falling back to reading the file is fine.  So we're assuming that the
> person signing a policy containing "get_hash" understands the
> ramifications.  And yes, only signed policies containing "get_hash"
> should be loaded.

I'm not clear on why requiring signed policies is helpful here. If you
allow FUSE mounts at all then you need to trust the FUSE filesystem to
return good results, in which case you can trust it to return valid
hashes. If you don't trust the FUSE filesystem then generating the
hash via read doesn't win you anything - the filesystem can return one
set of data on the initial IMA hashing, and then return a second set
later. Requiring signed policy doesn't change that.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux