From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C83E5C04AB4 for ; Tue, 14 May 2019 17:44:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A6D0B20879 for ; Tue, 14 May 2019 17:44:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726272AbfENRok (ORCPT ); Tue, 14 May 2019 13:44:40 -0400 Received: from lhrrgout.huawei.com ([185.176.76.210]:32941 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726229AbfENRok (ORCPT ); Tue, 14 May 2019 13:44:40 -0400 Received: from LHREML711-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 9D28C725DEC5245686F9; Tue, 14 May 2019 18:44:38 +0100 (IST) Received: from [10.220.96.108] (10.220.96.108) by smtpsuk.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 14 May 2019 18:44:35 +0100 Subject: Re: [PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk To: Arvind Sankar CC: Rob Landley , Arvind Sankar , , , , , References: <20190512194322.GA71658@rani.riverdale.lan> <3fe0e74b-19ca-6081-3afe-e05921b1bfe6@huawei.com> <4f522e28-29c8-5930-5d90-e0086b503613@landley.net> <49965ffd-dd57-ffe5-4a2f-73cdfb387848@landley.net> <20190514152704.GB37109@rani.riverdale.lan> <20190514155739.GA70223@rani.riverdale.lan> From: Roberto Sassu Message-ID: Date: Tue, 14 May 2019 19:44:42 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0 MIME-Version: 1.0 In-Reply-To: <20190514155739.GA70223@rani.riverdale.lan> Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [10.220.96.108] X-CFilter-Loop: Reflected Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org On 5/14/2019 5:57 PM, Arvind Sankar wrote: > On Tue, May 14, 2019 at 11:27:04AM -0400, Arvind Sankar wrote: >> It's also much easier to change/customize it for the end >> system's requirements rather than setting the process in stone by >> putting it inside the kernel. > > As an example, if you allow unverified external initramfs, it seems to > me that it can try to play games that wouldn't be prevented by the > in-kernel code: setup /dev in a weird way to try to trick /init, or more > easily, replace /init by /bin/sh so you get a shell prompt while only > the initramfs is loaded. It's easy to imagine that a system would want > to lock itself down to prevent abuses like this. Yes, these issues should be addressed. But the purpose of this patch set is simply to set xattrs. And existing protection mechanisms can be improved later when the basic functionality is there. > So you might already want an embedded initramfs that can be trusted and > that can't be overwritten by an external one even outside the > security.ima stuff. The same problems exist also the root filesystem. These should be solved regardless of the filesystem used, for remote attestation and for local enforcement. -- HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Bo PENG, Jian LI, Yanli SHI