From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D026C49ED7 for ; Mon, 16 Sep 2019 13:17:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4B00B214DE for ; Mon, 16 Sep 2019 13:17:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BC46gSZG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733087AbfIPNRM (ORCPT ); Mon, 16 Sep 2019 09:17:12 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:41861 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732956AbfIPNRL (ORCPT ); Mon, 16 Sep 2019 09:17:11 -0400 Received: by mail-lj1-f193.google.com with SMTP id f5so1713191ljg.8 for ; Mon, 16 Sep 2019 06:17:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aA+U7AmDCNWjq14jh2S68p2S74Unu27IayYKPois77U=; b=BC46gSZGC9YgbcyDwaeVukrsEkzRi9jVLF90m5TEoDfDfsW21Lvv95CH5EoKuOzG8S /wls581J4kPgw/3SUJaFftbmNoR7rrbmfiG55/EUwWkOx9FC7x4rL8e/iQtGIPDlihly pvqxbi54OfSeAuHAG8FJglBKUnF0QdahseXVvCFKWaPlHNbcja23koL2Z4jFY3FmtdHc m8P0h0cFsmjbNB14DPitPeJEpAIlRLw93w6cfneTL6sU4BZJYwqP5Xp5pt+l5Sn2P6CU BHiKQQKfqmdZSDDWrQIxCB2t9TE7BBRaqhg3kmbA4w8sbdv59WCOg0DZ2PxwC8ke4VgY dezQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aA+U7AmDCNWjq14jh2S68p2S74Unu27IayYKPois77U=; b=EqQnVy3J9dBBoIdw4kt67VlvblHZZ+YrcCiYEDw7ORcla+joBdn/rrv6fYD8ejplaF op8QW/fKr060GyK3xxZbStJZ/Qc9xZtLX3yJy5DnWL2Xje3ZIzOs9uUK2oABe4CQ+oUJ ST0F7ZluZEUFhuFmRsUDOTYFm2vXr/8jxIertXu9eTDgwbM3NmzTMdOId/Tp+OfSylG5 oJqLe/hR7kjozyiNvH/R/W07ACmc4ECM0jUNPTOMZwlJGCXg+oZecjsHGLeOrqWBxk1s QCIwXSuI9MrvLLxQJyMZroxTY4g0DJOk4NnR3zZ4T3qyBLOepfjy+BV6nNj8TEe03d0S RP4w== X-Gm-Message-State: APjAAAVjnt527COzrkR30qnGF5WdF0Kms+bYMAAGf9Nf+yBmNAA7Tp37 DvLqDQUVwSgwWghQeibj6V2wa31mtXQWvJV5VgkWlQ== X-Google-Smtp-Source: APXvYqxoJ3Q6AMJzTvvzLQwNEDnXhEEvnpgR/ZKP/uugJ9uruSAELuNoVit0XgZ3AY7waHynnevVwN4KsAqxQKJs+Vg= X-Received: by 2002:a2e:884c:: with SMTP id z12mr29597119ljj.92.1568639828352; Mon, 16 Sep 2019 06:17:08 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Janne Karhunen Date: Mon, 16 Sep 2019 16:16:57 +0300 Message-ID: Subject: Re: IMA on remote file systems To: Chuck Lever Cc: linux-integrity@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On Wed, Aug 28, 2019 at 8:36 PM Chuck Lever wrote: > My thought was to use an ephemeral Merkle tree for NFS (and > possibly other remote filesystems, like FUSE, until these > filesystems support durable per-file Merkle trees). A tree would > be constructed when the client measures a file, but it would not > saved to the filesystem. Instead of a hash of the file's contents, > the tree's root signature is stored as the IMA metadata. So the attack you are trying to guard against is that the pages that were evicted once and that are read back could still be integrity verified? Handling this properly would be awesome. I don't think we have anything against this now, the pages that were once evicted are really not checked when read back. -- Janne