Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
* Whitelisting with IMA
@ 2019-05-12  9:37 m3hm00d
  2019-05-13  9:09 ` Roberto Sassu
  0 siblings, 1 reply; 3+ messages in thread
From: m3hm00d @ 2019-05-12  9:37 UTC (permalink / raw)
  To: linux-integrity

tldr: Is there some way to ask IMA not to open (execute) unknown binaries

Hi all,

I saw some comments on RFC for WhiteEgret LSM. Someone on the same
thread said that IMA could be used for whitelisting as well. Based on
a couple of hours with IMA, it seems to me that IMA can only stop
execution of (altered) binaries whose hash/sign was earlier measured.

If a user installs a new (unknown) application, it seems like IMA is
going to allow that application to run since IMA can't find any
integrity loss since IMA doesn't have any 'good' value against the new
application. Is this correct? Or is there some other option to ask IMA
not to execute any unknown binary?

Kind regards,
m3hm00d

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-12  9:37 Whitelisting with IMA m3hm00d
2019-05-13  9:09 ` Roberto Sassu
2019-05-14 17:27   ` m3hm00d

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org linux-integrity@archiver.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/ public-inbox