Re: [PATCH v6 0/8] IMA: support for measuring kernel integrity critical data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

> >How is it supposed to be useful?
> >
> >I'm pretty sure there are critical data that are not measured by
> >proposed module... and that are written under normal circumstances.
> >
> The goal of this series is to introduce the IMA hook
> measure_critical_data() and the necessary policies to use it; and
> illustrate that use with one example (SELinux). It is not scalable to
> identify and update all the critical data sources to use the proposed
> module at once.
> 
> A piecemeal approach to add more critical data measurement in subsequent
> patches would be easy to implement and review.

Basically every other data structure in kernel is "critical" by your
definition, and you can't really measure them all; some of them change
rather often. Going piecemeal does not really help here.

Example of critical data structure: page table entries for process I
own.

Best regards,
								Pavel
-- 
http://www.livejournal.com/~pavelmachek

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux