linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
	stephen.smalley.work@gmail.com
Cc: tyhicks@linux.microsoft.com, sashal@kernel.org,
	jmorris@namei.org, linux-integrity@vger.kernel.org,
	selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 0/4] LSM: Measure security module data
Date: Wed, 05 Aug 2020 08:37:59 -0400	[thread overview]
Message-ID: <3a96065c7c628be36eba99ad0da8d78cdac7dcaf.camel@linux.ibm.com> (raw)
In-Reply-To: <f3971f35-309d-c3e5-9126-69add7ad4c11@schaufler-ca.com>

On Tue, 2020-08-04 at 18:04 -0700, Casey Schaufler wrote:
> On 8/4/2020 5:43 PM, Lakshmi Ramasubramanian wrote:
> > Critical data structures of security modules are currently not measured.
> > Therefore an attestation service, for instance, would not be able to
> > attest whether the security modules are always operating with the policies
> > and configuration that the system administrator had setup. The policies
> > and configuration for the security modules could be tampered with by
> > malware by exploiting kernel vulnerabilities or modified through some
> > inadvertent actions on the system. Measuring such critical data would
> > enable an attestation service to better assess the state of the system.
> 
> I still wonder why you're calling this an LSM change/feature when
> all the change is in IMA and SELinux. You're not putting anything
> into the LSM infrastructure, not are you using the LSM infrastructure
> to achieve your ends. Sure, you *could* support other security modules
> using this scheme, but you have a configuration dependency on
> SELinux, so that's at best going to be messy. If you want this to
> be an LSM "feature" you need to use the LSM hooking mechanism.
> 
> I'm not objecting to the feature. It adds value. But as you've
> implemented it it is either an IMA extension to SELinux, or an
> SELiux extension to IMA. Could AppArmor add hooks for this without
> changing the IMA code? It doesn't look like it to me.

Agreed.  Without reviewing the patch set in depth, I'm not quite sure
why this patch set needs to be limited to measuring just LSM critical
data and can't be generalized.    The patch set could be titled "ima:
measuring critical data" or "ima: measuring critical kernel data". 
Measuring SELinux critical data would be an example of its usage.

For an example, refer to the ima_file_check hook, which is an example
of IMA being called directly, not via an LSM hook.

Mimi


  parent reply	other threads:[~2020-08-05 20:08 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-05  0:43 [PATCH v6 0/4] LSM: Measure security module data Lakshmi Ramasubramanian
2020-08-05  0:43 ` [PATCH v6 1/4] IMA: Add func to measure LSM state and policy Lakshmi Ramasubramanian
2020-08-05  3:25   ` Mimi Zohar
2020-08-05 12:46     ` Stephen Smalley
2020-08-05 12:56       ` Mimi Zohar
2020-08-05 13:03         ` Stephen Smalley
2020-08-05 13:19           ` Mimi Zohar
2020-08-05 14:27             ` Stephen Smalley
2020-08-05 15:07               ` Tyler Hicks
2020-08-05 15:43                 ` Stephen Smalley
2020-08-05 16:45                   ` John Johansen
2020-08-05 15:17               ` Mimi Zohar
2020-08-05  0:43 ` [PATCH v6 2/4] IMA: Define IMA hooks " Lakshmi Ramasubramanian
2020-08-05  0:43 ` [PATCH v6 3/4] LSM: Define SELinux function to measure " Lakshmi Ramasubramanian
2020-08-05  0:43 ` [PATCH v6 4/4] IMA: Handle early boot data measurement Lakshmi Ramasubramanian
2020-08-05  1:04 ` [PATCH v6 0/4] LSM: Measure security module data Casey Schaufler
2020-08-05  1:14   ` Lakshmi Ramasubramanian
2020-08-05 15:36     ` Casey Schaufler
2020-08-05 15:45       ` Tyler Hicks
2020-08-05 16:07         ` Lakshmi Ramasubramanian
2020-08-05 16:14           ` Tyler Hicks
2020-08-05 16:21             ` Lakshmi Ramasubramanian
2020-08-05 16:32               ` Tyler Hicks
2020-08-05 17:31                 ` Casey Schaufler
2020-08-05 17:03         ` Mimi Zohar
2020-08-05 17:25           ` Lakshmi Ramasubramanian
2020-08-05 17:57             ` Casey Schaufler
2020-08-05 18:08               ` Lakshmi Ramasubramanian
2020-08-05 18:25                 ` Casey Schaufler
2020-08-12 20:37                   ` Lakshmi Ramasubramanian
2020-08-05 12:37   ` Mimi Zohar [this message]
2020-08-05 12:00 ` Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3a96065c7c628be36eba99ad0da8d78cdac7dcaf.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=nramas@linux.microsoft.com \
    --cc=sashal@kernel.org \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=tyhicks@linux.microsoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).