On Wed, 2021-10-13 at 07:01 -0400, Mimi Zohar wrote:
> A major interpreter integrity gap exists which allows files read by
> the interpreter to be executed without measuring the file or verifying
> the file's signature.
>
> The kernel has no knowledge about the file being read by the interpreter.
> Only the interpreter knows the context (e.g. data, execute) and must be
> trusted to provide that information accurately.
>
> To close this integrity gap, define an ima_trusted_for hook to allow
> IMA to measure the file and verify the file's signature based on policy.
>
> Sample policy rules:
> measure func=TRUSTED_FOR_CHECK
> appraise func=TRUSTED_FOR_CHECK

To require file signatures, the policy rule should be:

appraise func=TRUSTED_FOR_CHECK appraise_type=imasig

>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
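As an added example (not part of the patch or of this mail), the shell snippet below puts the two policy variants side by side: the sample rules from the commit message, which appraise with whatever the file's security.ima xattr carries (a plain hash is enough to pass), and the signature-enforcing rule from the follow-up, which requires a valid IMA signature. It also shows how such a policy is loaded through securityfs and how a script is signed so the strict rule accepts it. It assumes a kernel carrying this patch series (so `func=TRUSTED_FOR_CHECK` is recognized), `evmctl` from ima-evm-utils, and a hypothetical signing key at `/etc/keys/ima-privkey.pem`.

```shell
#!/bin/sh
# Added example, not from the ima_trusted_for patch series.
# Assumes a kernel with the series applied and ima-evm-utils installed.
# The key path below is hypothetical.

IMA_SECFS="${IMA_SECFS:-/sys/kernel/security/ima}"
IMA_KEY="${IMA_KEY:-/etc/keys/ima-privkey.pem}"   # hypothetical signing key

# The sample rules from the commit message: the file is measured and
# appraised, but appraisal accepts a hash in security.ima as well as a
# signature, so an attacker who can write the xattr can pass it.
weak_policy() {
    cat <<'EOF'
measure func=TRUSTED_FOR_CHECK
appraise func=TRUSTED_FOR_CHECK
EOF
}

# The rule from the follow-up mail: the file is still measured, but
# appraisal fails unless security.ima holds a valid IMA signature.
strict_policy() {
    cat <<'EOF'
measure func=TRUSTED_FOR_CHECK
appraise func=TRUSTED_FOR_CHECK appraise_type=imasig
EOF
}

# Write a policy into securityfs. Once a policy has been loaded,
# appending further rules requires CONFIG_IMA_WRITE_POLICY.
load_policy() {
    policy_fn="$1"
    "$policy_fn" > "$IMA_SECFS/policy"
}

# Sign a script with the IMA key so the strict rule accepts it
# (writes the signature into the file's security.ima xattr).
sign_script() {
    evmctl ima_sign -a sha256 -k "$IMA_KEY" "$1"
}

# Report whether a file was recorded by the TRUSTED_FOR_CHECK measure
# rule: the measurement list entry carries the file's path.
measured() {
    grep -F "$1" "$IMA_SECFS/ascii_runtime_measurements"
}

case "${1:-}" in
    load)  load_policy strict_policy ;;
    sign)  sign_script "$2" ;;
    check) measured "$2" ;;
esac
```

Run as `sh ima-trusted-for.sh load` on the patched kernel, then `sign <script>` before handing the script to the interpreter, and `check <script>` afterwards to confirm the measure rule fired.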