Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Rob Landley <rob@landley.net>,
	Roberto Sassu <roberto.sassu@huawei.com>,
	viro@zeniv.linux.org.uk
Cc: linux-security-module@vger.kernel.org,
	linux-integrity@vger.kernel.org, initramfs@vger.kernel.org,
	linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com,
	silviu.vlasceanu@huawei.com, dmitry.kasatkin@huawei.com,
	takondra@cisco.com, kamensky@cisco.com, hpa@zytor.com,
	arnd@arndb.de, james.w.mcmechan@gmail.com
Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk
Date: Fri, 10 May 2019 18:38:44 -0400
Message-ID: <1557527924.10635.157.camel@linux.ibm.com> (raw)
In-Reply-To: <3a9d717e-0e12-9d62-a3cf-afb7a5dbf166@landley.net>

On Fri, 2019-05-10 at 15:46 -0500, Rob Landley wrote:
> On 5/10/19 6:49 AM, Mimi Zohar wrote:
> > On Fri, 2019-05-10 at 08:56 +0200, Roberto Sassu wrote:
> >> On 5/9/2019 8:34 PM, Rob Landley wrote:
> >>> On 5/9/19 6:24 AM, Roberto Sassu wrote:
> > 
> >>>> The difference with another proposal
> >>>> (https://lore.kernel.org/patchwork/cover/888071/) is that xattrs can be
> >>>> included in an image without changing the image format, as opposed to
> >>>> defining a new one. As seen from the discussion, if a new format has to be
> >>>> defined, it should fix the issues of the existing format, which requires
> >>>> more time.
> >>>
> >>> So you've explicitly chosen _not_ to address Y2038 while you're there.
> >>
> >> Can you be more specific?
> > 
> > Right, this patch set avoids incrementing the CPIO magic number and
> > the resulting changes required (eg. increasing the timestamp field
> > size), by including a file with the security xattrs in the CPIO.  In
> > either case, including the security xattrs in the initramfs header or
> > as a separate file, the initramfs, itself, needs to be signed.
> 
> The /init binary in the initramfs runs as root and launches all other processes
> on the system. Presumably it can write any xattrs it wants to, and doesn't need
> any extra permissions granted to it to do so. But as soon as you start putting
> xattrs on _other_ files within the initramfs that are _not_ necessarily running
> as PID 1, _that's_ when the need to sign the initramfs comes in?
> 
> Presumably the signing occurs on the gzipped file. How does that affect the cpio
> parsing _after_ it's decompressed? Why would that be part of _this_ patch?

The signing and verification of the initramfs is a separate issue, not
part of this patch set.  The only reason for mentioning it here was to
say that both methods of including the security xattrs require the
initramfs be signed.  Just as the kernel image needs to be signed and
verified, the initramfs should be too.

Mimi



  reply index

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-09 11:24 Roberto Sassu
2019-05-09 11:24 ` [PATCH v2 1/3] fs: add ksys_lsetxattr() wrapper Roberto Sassu
2019-05-10 21:28   ` Jann Horn
2019-05-09 11:24 ` [PATCH v2 2/3] initramfs: set extended attributes Roberto Sassu
2019-05-09 11:24 ` [PATCH v2 3/3] initramfs: introduce do_readxattrs() Roberto Sassu
2019-05-10 21:33   ` Jann Horn
2019-05-13 13:03     ` Roberto Sassu
2019-05-09 18:34 ` [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk Rob Landley
2019-05-10  6:56   ` Roberto Sassu
2019-05-10 11:49     ` Mimi Zohar
2019-05-10 20:46       ` Rob Landley
2019-05-10 22:38         ` Mimi Zohar [this message]
2019-05-11 22:44 ` Andy Lutomirski
2019-05-12  4:04   ` Rob Landley
2019-05-12  4:12     ` Rob Landley
2019-05-12  9:17 ` Dominik Brodowski
2019-05-12 10:18   ` hpa
2019-05-12 15:31     ` Dominik Brodowski
2019-05-13  0:02       ` Mimi Zohar
2019-05-13  0:21         ` hpa
2019-05-13  0:23       ` hpa
2019-05-12 12:52   ` Mimi Zohar
2019-05-12 17:05     ` Rob Landley
2019-05-12 19:43       ` Arvind Sankar
2019-05-13  7:49         ` Roberto Sassu
2019-05-13  9:07           ` Rob Landley
2019-05-13 12:08             ` Mimi Zohar
2019-05-13 12:47             ` Roberto Sassu
2019-05-13 17:20               ` Arvind Sankar
2019-05-13 17:51                 ` Arvind Sankar
2019-05-13 17:52                 ` Arvind Sankar
2019-05-13 18:36                   ` Mimi Zohar
2019-05-13 18:47                     ` Arvind Sankar
2019-05-13 22:09                       ` Mimi Zohar
2019-05-14  6:06                         ` Rob Landley
2019-05-14 14:44                           ` Arvind Sankar
2019-05-14  6:06               ` Rob Landley
2019-05-14 11:52                 ` Roberto Sassu
2019-05-14 15:12                   ` Rob Landley
2019-05-14 15:27                   ` Arvind Sankar
2019-05-14 15:57                     ` Arvind Sankar
2019-05-14 17:44                       ` Roberto Sassu
2019-05-15  1:00                         ` Arvind Sankar
2019-05-14 15:19               ` Andy Lutomirski
2019-05-14 16:33                 ` Roberto Sassu
2019-05-14 16:58                   ` Greg KH
2019-05-14 17:20                     ` Roberto Sassu
2019-05-15  0:25                       ` Arvind Sankar
2019-05-14 19:18                 ` James Bottomley
2019-05-14 23:39                   ` Rob Landley
2019-05-14 23:54                     ` James Bottomley
2019-05-15  0:52                       ` Arvind Sankar
2019-05-15 11:19                         ` Roberto Sassu
2019-05-15 16:08                           ` Arvind Sankar
2019-05-15 17:06                             ` Roberto Sassu
2019-05-16  5:29                               ` Arvind Sankar
2019-05-16 11:42                                 ` Roberto Sassu
2019-05-16 13:31                                 ` Mimi Zohar

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1557527924.10635.157.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=arnd@arndb.de \
    --cc=dmitry.kasatkin@huawei.com \
    --cc=hpa@zytor.com \
    --cc=initramfs@vger.kernel.org \
    --cc=james.w.mcmechan@gmail.com \
    --cc=kamensky@cisco.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=rob@landley.net \
    --cc=roberto.sassu@huawei.com \
    --cc=silviu.vlasceanu@huawei.com \
    --cc=takondra@cisco.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox