[The normal convention for this mailing list is bottom-posting.]

Lev,

On Mon, 2020-03-30 at 20:21 +0300, Lev R. Oshvang . wrote:
> I already answered to Mimi Zohar that applications expect the file name in
> the open() syscall.

And I disagreed with you. Not only can filenames be renamed, as I mentioned, but they aren't protected, as Roberto said.

> So there is no need to protect the file name; otherwise applications just
> stop working.
> Even now, when the IMA hash is not correct, the application stops working.
> Put aside scripts for a second. A lot of programs are configured in
> .ini or .conf files.
> The suffix is a very convenient way to ensure these files would be measured.
>
> Now I am returning to scripts.
> It is very hard to enforce IMA checks in interpreters. And think
> about perl scripts, awk, python scripts, etc.
> The proposed suffix rule is easy and lightweight.
> I once programmed a BRM hook of LSM.
> I had a very hard time trying to figure out whether the shell was opening a
> script or data, and how to get the filename to check its signature.
> Sometimes a script file does not have a shebang or does not have
> executable permission. Only the interpreter knows how the file will be used.
>
> I hope I convinced you.

There have been a number of attempts to define IMA policy rules based on pathname, which have not been upstreamed. Feel free to use your solution, but it can't be upstreamed as is.

Mimi
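For readers who have not written an IMA policy, the following is an added illustration (not from this thread and not a file shipped with the kernel) of how upstream rules are keyed. Upstream IMA selects files by the hook that sees them (func=), the access mode (mask=), the credentials of the accessing process (uid=, fowner=), and the filesystem identity (fsmagic=, fsuuid=); none of these depend on the pathname, which is why a rename cannot move a file in or out of scope. The fsuuid value is a made-up placeholder, and the final commented-out line shows how a suffix rule like the one proposed above would read; no such keyword exists upstream.

```text
# Added example of an IMA policy fragment (illustrative, not the project's
# own policy). Comment lines start with '#'; IMA does not accept trailing
# comments after a rule, so every comment sits on its own line.

# Skip pseudo filesystems whose contents are not worth measuring.
# 0x9fa0 is PROC_SUPER_MAGIC, 0x62656572 is SYSFS_MAGIC.
dont_measure fsmagic=0x9fa0
dont_measure fsmagic=0x62656572

# Measure and appraise everything run through execve(), which covers the
# interpreters themselves (/bin/sh, perl, python, awk, ...).
measure func=BPRM_CHECK
appraise func=BPRM_CHECK appraise_type=imasig

# A script is not executed by the kernel; the interpreter merely open()s
# and reads it, so it is caught at the file-open hook instead. Here: any
# file opened for reading (mask=^MAY_READ means "MAY_READ is among the
# requested modes") by uid 0 on the filesystem with the placeholder UUID
# below is measured and its security.ima signature is appraised.
# The rule never looks at the name, so renaming foo.py to foo.txt
# neither hides the file nor changes what is measured (the content hash).
measure func=FILE_CHECK mask=^MAY_READ uid=0 fsuuid=01234567-89ab-cdef-0123-456789abcdef
appraise func=FILE_CHECK mask=^MAY_READ uid=0 fsuuid=01234567-89ab-cdef-0123-456789abcdef appraise_type=imasig

# Hypothetical, NOT valid upstream syntax: a pathname/suffix keyed rule as
# proposed in the thread. Shown only to make the contrast visible; a plain
# mv would take a file out of its scope, and the suffix itself is never
# covered by the signature being appraised.
# measure func=FILE_CHECK suffix=.conf
```

The policy is loaded by writing it to /sys/kernel/security/ima/policy (or embedded via the built-in policy), and appraise rules only have an effect with appraisal enabled on the kernel command line (ima_appraise=). The point of the fragment is the selection model: because matching is done on inode and credential attributes available inside the kernel at the hook, a rule cannot be sidestepped by anything the name of the file says.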