On Thu, 2023-01-26 at 17:38 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Commit 98de59bfe4b2f ("take calculation of final prot in
> security_mmap_file() into a helper") caused ima_file_mmap() to receive the
> protections requested by the application and not those applied by the
> kernel.
>
> After restoring the original MMAP_CHECK behavior with a patch, existing
> systems might be broken due to not being ready to handle new entries
> (previously missing) in the IMA measurement list.
Is this a broken system or a broken attestation server? The
attestation server might not be able to handle the additional
measurements, but the system, itself, is not broken.
"with a patch" is unnecessary.
>
> Restore the original correct MMAP_CHECK behavior instead of keeping the
^ add missing comma after "behavior"
> current buggy one and introducing a new hook with the correct behavior. The
> second option
^ The second option -> Otherwise,
> would have had the risk of IMA users not noticing the problem
> at all, as they would actively have to update the IMA policy, to switch to
> the correct behavior.
>
> Also, introduce the new MMAP_CHECK_REQPROT hook to keep the current
> behavior, so that IMA users could easily fix a broken system, although this
> approach is discouraged due to potentially missing measurements.
Again, is this a broken system or a broken attestation server?
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Otherwise, the patch looks good.
--
thanks,
Mimi
