From: Janne Karhunen <janne.karhunen@gmail.com>
To: Roberto Sassu <roberto.sassu@huawei.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	dmitry.kasatkin@huawei.com, mjg59@google.com,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	silviu.vlasceanu@huawei.com
Subject: Re: [PATCH v3 0/2] ima/evm fixes for v5.2
Date: Wed, 12 Jun 2019 14:28:30 +0300
Message-ID: <CAE=NcraYOw9B3RFu3_DbJs9nPT87AtQEptC7zF4kAu4FP8YhxA@mail.gmail.com>
In-Reply-To: <20190606112620.26488-1-roberto.sassu@huawei.com>

On Thu, Jun 6, 2019 at 3:27 PM Roberto Sassu <roberto.sassu@huawei.com> wrote:
>
> Previous versions included the patch 'ima: don't ignore INTEGRITY_UNKNOWN
> EVM status'. However, I realized that this patch cannot be accepted alone
> because IMA-Appraisal would deny access to new files created during the
> boot.

The early initialization logic seems to have been changing, the
original one as I have understood it:
- before initialization
  - allow reading anything without security.ima
  - deny reading anything with security.ima
  - allow all writes
- after initialization
  - deny reading|writing anything without security.ima
  - deny reading|writing anything invalid
  - allow everything else

The logic is pretty handy as it even creates an additional layer of
security around the early initialization files, as they become
unreadable after use.

Now, if we initialize the system with a random key like in your patch,
is this logic going to change quite drastically? It sounds to me that
the userland may actually break: all the userland initialization files
in the existing IMA configurations that do not use digsigs would become
unreadable once the random key is put in? Remember, those files
can be protected via other means (most commonly a signed ramdisk).


--
Janne
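As an added illustration (not code from the thread or from the kernel), the following Python model encodes the before/after-initialization appraisal rules exactly as Janne lists them above and walks a constructed boot through them. The file names, the `valid` flag and the `digsig` marker are assumptions for the sake of the demonstration; the model shows why an unsigned early-boot file that was readable before initialization is denied afterwards.

```python
from dataclasses import dataclass
from typing import Optional, Dict, Tuple


@dataclass
class File:
    name: str
    ima_xattr: Optional[str] = None  # contents of security.ima, None if absent
    valid: bool = True               # assumed: does security.ima verify?


class ImaAppraisal:
    """Access decisions as described in the message above (model, not kernel code)."""

    def __init__(self) -> None:
        self.initialized = False

    def initialize(self) -> None:
        self.initialized = True

    def may_read(self, f: File) -> bool:
        if not self.initialized:
            # before init: readable only if security.ima is absent
            return f.ima_xattr is None
        # after init: security.ima must be present and must verify
        return f.ima_xattr is not None and f.valid

    def may_write(self, f: File) -> bool:
        if not self.initialized:
            return True  # before init: all writes allowed
        return f.ima_xattr is not None and f.valid


def boot_scenario() -> Tuple[Dict[str, bool], Dict[str, bool]]:
    """Constructed boot: returns read decisions before and after initialization."""
    ima = ImaAppraisal()
    files = [
        File("/init", ima_xattr=None),                     # unsigned early-boot file
        File("/sbin/daemon", ima_xattr="digsig", valid=True),
        File("/etc/cfg", ima_xattr="digsig", valid=False),  # xattr does not verify
    ]
    before = {f.name: ima.may_read(f) for f in files}
    ima.initialize()  # early userland has run; appraisal now enforces fully
    after = {f.name: ima.may_read(f) for f in files}
    return before, after


if __name__ == "__main__":
    for phase, decisions in zip(("before", "after"), boot_scenario()):
        print(phase, decisions)
```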
