From: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Mikhail Kurinnoi <viewizard@viewizard.com>,
	Matthew Garrett <mjg59@google.com>,
	linux-integrity <linux-integrity@vger.kernel.org>
Subject: Re: RFC: Make it practical to ship EVM signatures
Date: Thu, 19 Oct 2017 13:14:12 +0300	[thread overview]
Message-ID: <CACE9dm8P=Y9D1j2JM+9Rj_ZLmRst2ayXiC6CtaweaWmWqpCUrA@mail.gmail.com> (raw)
In-Reply-To: <1508360841.4510.64.camel@linux.vnet.ibm.com>

On Thu, Oct 19, 2017 at 12:07 AM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> Hi Dmitry,
>
> On Wed, 2017-10-18 at 23:37 +0300, Dmitry Kasatkin wrote:
>> May be Mikhail could share GIT url to look somewhere.
>> To see latest bits.
>
> Please bottom post in the future.
>
> Summary:
> Mikhail's patches were posted earlier this year.  His patches defined
> a portable EVM signature, which was never written out to disk, but
> after being verified, was written out as an HMAC.  This was based on
> my understanding that the i_ino/uuid is required to prevent a cut &
> paste attack.

I checked Mikhail's patches. In his patches, immutable is a normal EVM
signature, but not replaceable with an HMAC.

2) portable EVM digsig version, aimed to protect an archived file's
metadata from manipulation.

What is the case of manipulation? The HMAC protects against that..

>
> In the recent discussions, Matthew wanted to know why the i_ino/uuid
> is required.  After going around and around discussing it, it turns
> out including security.ima is equivalent to including the i_ino/uuid.
>  The i_ino/uuid is only necessary to prevent a cut and paste attack,
> when security.ima is not included in the security.evm hmac/signature.
>

If I recall, we had such a discussion in the chat about i_ino/uuid.

If I recall right, not including them was a compromise for "portability"?
Archive could be unpacked with xattrs and signatures are still valid.
tar --xattrs
cp --preserve=xattr

But how will security.ima protect against a cut and paste attack?
An attacker can take any other file together with its metadata and it
will be a valid one.

> We're at the point of making the portable EVM signature immutable. By
> immutable, we mean that it isn't re-written as an HMAC.  It is based
> on your ima-evm-utils support.
>
> Mikhail, Matthew, did I leave anything out?
>
> Mimi
>



-- 
Thanks,
Dmitry
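As an added illustration of the distinction argued in this thread (example code, not from the thread or from the kernel), a simplified Python model of security.evm: the legacy HMAC binds the protected xattrs to i_ino/uuid, so copying them to another inode fails verification, while a portable signature survives a move (tar --xattrs, cp --preserve=xattr) but still fails when pasted onto a file with different contents, because the covered security.ima no longer matches. The xattr encoding, version bytes and keys are constructed assumptions; an HMAC under a signer-only key stands in for the digital signature.

```python
import hashlib
import hmac

# Simplified model of EVM's security.evm (constructed, not kernel code): protected
# xattrs are hashed in a fixed order; the legacy HMAC additionally covers
# inode-specific "hmac_misc" data, modelled here as just i_ino and the fs uuid.

def ima_hash(contents: bytes) -> bytes:
    return hashlib.sha256(contents).digest()

def evm_material(xattrs, misc) -> bytes:
    buf = b"".join(k.encode() + b"\0" + v + b"\0" for k, v in sorted(xattrs.items()))
    if misc is not None:  # legacy HMAC: bind to this inode on this filesystem
        buf += f"ino={misc['ino']};uuid={misc['uuid']}".encode()
    return buf

def make_file(contents, ino, uuid, key, portable, label=b"system_u:object_r:bin_t"):
    """Build an inode record with security.ima, security.selinux and security.evm."""
    xattrs = {"security.ima": ima_hash(contents), "security.selinux": label}
    misc = {"ino": ino, "uuid": uuid}
    tag = hmac.new(key, evm_material(xattrs, None if portable else misc), hashlib.sha256).digest()
    xattrs["security.evm"] = (b"\x03" if portable else b"\x02") + tag  # assumed version bytes
    return {"contents": contents, "xattrs": xattrs, "misc": misc}

def verify(f, key) -> bool:
    """Appraise: security.ima must match contents, security.evm must match the xattrs."""
    xattrs = dict(f["xattrs"])
    evm = xattrs.pop("security.evm")
    if xattrs["security.ima"] != ima_hash(f["contents"]):
        return False
    misc = None if evm[0] == 0x03 else f["misc"]  # portable sigs omit i_ino/uuid
    expected = hmac.new(key, evm_material(xattrs, misc), hashlib.sha256).digest()
    return hmac.compare_digest(evm[1:], expected)

def cut_and_paste(src, dst):
    """Copy every security.* xattr from src onto dst; dst keeps its contents and inode."""
    return {"contents": dst["contents"], "xattrs": dict(src["xattrs"]), "misc": dst["misc"]}

def demo():
    key = b"constructed-demo-key"
    script = b"#!/bin/sh\necho ok\n"
    a = make_file(script, ino=1001, uuid="uuid-A", key=key, portable=False)
    p = make_file(script, ino=1001, uuid="uuid-A", key=key, portable=True)
    other = make_file(b"#!/bin/sh\necho tampered\n", ino=2002, uuid="uuid-A", key=key, portable=False)
    new_inode = {"ino": 3003, "uuid": "uuid-B"}  # same file unpacked elsewhere
    moved = {"contents": script, "xattrs": dict(a["xattrs"]), "misc": new_inode}
    moved_p = {"contents": script, "xattrs": dict(p["xattrs"]), "misc": new_inode}
    return {
        "hmac_valid": verify(a, key),                    # True
        "hmac_after_move": verify(moved, key),           # False: i_ino/uuid changed
        "portable_after_move": verify(moved_p, key),     # True: portable, still valid
        "portable_pasted_on_other": verify(cut_and_paste(p, other), key),  # False: security.ima mismatch
    }
```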
