| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Aug 2008 19:35:47 +0200 From: Pavel Machek <pavel@...e.cz> To: david safford <safford@...son.ibm.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, serue@...ux.vnet.ibm.com, sailer@...son.ibm.com, zohar@...ibm.com, Stephen Smalley <sds@...ho.nsa.gov>, CaseySchaufler <casey@...aufler-ca.com> Subject: Re: [RFC][Patch 5/5]integrity: IMA as an integrity service provider On Tue 2008-06-24 12:28:55, david safford wrote: > On Sat, 2008-05-31 at 09:54 +0200, Pavel Machek wrote: > > On Wed 2008-05-28 01:22:42, Andrew Morton wrote: > > > On Fri, 23 May 2008 11:05:45 -0400 Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote: > > > > > > > This is a re-release of Integrity Measurement Architecture(IMA) as an > > > > independent Linunx Integrity Module(LIM) service provider, which implements > > > > the new LIM must_measure(), collect_measurement(), store_measurement(), and > > > > display_template() API calls. The store_measurement() call supports two > > > > types of data, IMA (i.e. file data) and generic template data. > > ... > > ...also, it would be nice to see explanation 'what is this good for'. > > > > Closest explanation I remember was 'it will protect you by making > > system unbootable if someone stole disk with your /usr filesystem -- > > but not / filesystem -- added some rootkit, and then stealthily > > returned it'. That seems a) very unlikely scenario and b) probably > > better solved by encrypting /usr. > > Pavel > > Sorry about this delayed response - we are about to repost for RFC, and > noticed we missed responding to this. > > You are thinking about a related project, EVM, which HMAC's a file's > metadata, to protect against off-line attacks, (which admittedly > many users are not concerned about.) > > This submission, IMA, provides hardware (TPM) based measurement and > attestation, which measures all files before they are accessed in > any way (on the inode_permission, bprm and mmap hooks), and > commits the measurements to the TPM. The TPM can sign these > measurement lists, and thus the system can prove to itself and System can never proof to itself. > to a third party these measurements in a way that cannot be > circumvented by malicious or compromised software. IMA is just one > part of integrity detection, as it does not detect purely in-memory > attacks, such as worms. And proofing to third party is useful for what....? Given that it can be worked around by modifying files in memory, or by special hardware...? Disney? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists