From: "Theodore Ts'o" <tytso@mit.edu>
To: James Morris <jmorris@namei.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
LSM List <linux-security-module@vger.kernel.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [GIT PULL] Security subsystem updates for 4.14
Date: Fri, 8 Sep 2017 18:38:06 -0400 [thread overview]
Message-ID: <20170908223806.7yv6eohtsispwgas@thunk.org> (raw)
In-Reply-To: <alpine.LRH.2.21.1709081448090.7880@namei.org>
On Fri, Sep 08, 2017 at 02:48:51PM +1000, James Morris wrote:
>
> Mimi and Christoph worked together on this over several iterations -- I'll
> let them respond.
Mimi --- we should chat next week in LA. I've been working on a
design internally at work which proposes a generic VFS-layer library
(ala how fscrypt in fs/crypto works) which provides data integrity
using per-file Merkle trees.
The goals of this design:
* Simplicity; for ease in security review and upstream review and
acceptance
* Useful for multiple use cases. It is *not* Android/APK specific,
and indeed can be used for other things
* A better way of providing Linux IMA/EVM support for immutable
files by moving the verification from time-of-open to
time-of-readpage. (This significantly reduces the performance
impact, since we don't need to lock down the file while the kernel
needs to run SHA1 on potentially gigabytes worth of file data.)
* Most use cases for file-level checksums are for files that
don’t change over time (e.g., for Video, Audio, Backup files,
etc.) This allows us to provide a cheap and efficient way to
provide checksum protect against storage-level corruption
fairly easily. So by supporting both SHA and CRC-32, we can
make this feature useful for more than just the security heads. :-)
* Like the encryption/fscrypt feature, most of the code to this
feature can be in a VFS-level library, with minimal hooks needed
to those file systems (ext4, f2fs) that wish to provide this
functionality.
- Ted
next prev parent reply other threads:[~2017-09-08 22:38 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-04 10:29 [GIT PULL] Security subsystem updates for 4.14 James Morris
2017-09-07 18:19 ` Linus Torvalds
2017-09-08 4:48 ` James Morris
2017-09-08 7:09 ` Christoph Hellwig
2017-09-08 17:25 ` Linus Torvalds
2017-09-08 17:36 ` Paul Moore
2017-09-10 4:32 ` James Morris
2017-09-10 4:53 ` James Morris
2017-09-11 22:30 ` Paul Moore
2017-09-14 21:09 ` Kees Cook
2017-09-14 21:13 ` James Morris
2017-09-14 21:25 ` Kees Cook
2017-09-08 19:57 ` James Morris
2017-09-17 7:36 ` Mimi Zohar
2017-09-10 8:10 ` Christoph Hellwig
2017-09-10 14:02 ` Mimi Zohar
2017-09-11 6:38 ` Christoph Hellwig
2017-09-11 21:34 ` Mimi Zohar
2017-09-08 22:38 ` Theodore Ts'o [this message]
2017-09-10 2:08 ` James Morris
2017-09-10 7:13 ` Mimi Zohar
2017-09-10 12:17 ` Theodore Ts'o
2017-09-10 6:46 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170908223806.7yv6eohtsispwgas@thunk.org \
--to=tytso@mit.edu \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).