Re: [RFC PATCH 1/2] ima: Implement support for uncompressed module appended signatures

On Thu, 2020-02-06 at 12:01 -0700, Eric Snowberg wrote:
> > On Feb 6, 2020, at 11:05 AM, Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> > 
> > On Thu, 2020-02-06 at 11:42 -0500, Eric Snowberg wrote:
> >> Currently IMA can validate compressed modules containing appended
> >> signatures.  This adds the ability to also validate uncompressed
> >> modules when appraise_type=imasig|modsig.
> >> 
> >> Signed-off-by: Eric Snowberg <eric.snowberg@xxxxxxxxxx>
> > 
> > Your patch description in no way matches the code.
> > 
> 
> How about if I changed the description to the following:
> 
> Currently IMA can only validate compressed modules containing appended
> signatures when appraise_type=imasig|modsig.  An uncompressed module that
> is internally signed must still be IMA signed.
>
> Add the ability to validate the uncompressed module by validating it against
> keys contained within the .builtin_trusted_keys keyring. Now when using a
> policy such as:
> 
> appraise func=MODULE_CHECK appraise_type=imasig|modsig
> 
> It will load modules containing an appended signature when either compressed
> or uncompressed.

We - Nayna and I - will be commenting on the cover letter shortly.  I
think that will help clarify the problem(s).

Mimi
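
For readers unfamiliar with the "appended signature" that `modsig` refers to, the following is an added example, not part of this thread or of the patch under discussion. It reports whether a module file as stored is compressed and whether its bytes end with the kernel's module signature trailer; `container`, `parse_appended_sig` and `build_sample` are names chosen here, and the sample input is constructed with placeholder bytes in place of a real PKCS#7 blob.

```python
import struct

# Constants from the kernel's include/linux/module_signature.h
MODULE_SIG_STRING = b"~Module signature appended~\n"
PKEY_ID_PKCS7 = 2
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# __pad[3], then sig_len as a big-endian u32 (12 bytes in total)
TRAILER = struct.Struct(">8BI")

MAGICS = {b"\x1f\x8b": "gzip", b"\xfd7zXZ\x00": "xz", b"\x28\xb5\x2f\xfd": "zstd"}


def container(data: bytes) -> str:
    """Report whether the file as stored on disk is compressed."""
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            return name
    return "uncompressed"


def parse_appended_sig(data: bytes):
    """Return (payload_len, sig_len), or None if no signature is appended.

    Raises ValueError for a malformed trailer. Nothing is verified
    cryptographically; this only locates the signature blob.
    """
    if not data.endswith(MODULE_SIG_STRING):
        return None
    end = len(data) - len(MODULE_SIG_STRING)
    if end < TRAILER.size:
        raise ValueError("file too short for signature trailer")
    *fields, sig_len = TRAILER.unpack_from(data, end - TRAILER.size)
    algo, hash_algo, id_type, signer_len, key_id_len, *pad = fields
    if id_type != PKEY_ID_PKCS7:
        raise ValueError("id_type is not PKCS#7")
    if any((algo, hash_algo, signer_len, key_id_len, *pad)):
        raise ValueError("fields that must be zero for PKCS#7 are set")
    if sig_len >= end - TRAILER.size:
        raise ValueError("sig_len exceeds file size")
    return end - TRAILER.size - sig_len, sig_len


def build_sample(payload: bytes, sig: bytes) -> bytes:
    """Constructed test input: payload + placeholder 'signature' + trailer."""
    trailer = TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, 0, 0, 0, len(sig))
    return payload + sig + trailer + MODULE_SIG_STRING


if __name__ == "__main__":
    sample = build_sample(b"\x7fELF" + b"\0" * 60, b"\xaa" * 32)
    print(container(sample), parse_appended_sig(sample))
```

The trailer is looked for on the file's bytes exactly as they are stored, so `container` only tells you which on-disk form you are inspecting.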



