| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Jul 2010 15:29:15 +0900 From: Seiji Munetoh <seiji.munetoh@...il.com> To: Shaz <shazalive@...il.com> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-ima-user@...ts.sourceforge.net, linux-security-module@...r.kernel.org, Roberto Sassu <roberto.sassu@...ito.it>, linux-kernel@...r.kernel.org, Eric Paris <eparis@...hat.com> Subject: Re: [Linux-ima-user] [RFC][PATCH] ima: add default rule for initramfs files On Wed, Jul 14, 2010 at 2:42 PM, Shaz <shazalive@...il.com> wrote: > > > On Wed, Jul 14, 2010 at 3:08 AM, Seiji Munetoh <seiji.munetoh@...il.com> > wrote: >> >> On Thu, Jul 8, 2010 at 10:14 PM, Mimi Zohar <zohar@...ux.vnet.ibm.com> >> wrote: >> > On Tue, 2010-07-06 at 17:08 +0200, Roberto Sassu wrote: >> >> This patch modifies the default policy shipped with IMA, in order to >> >> avoid measurements >> >> of files in the initial ramdisk. Those files can be measured early in >> >> the boot process >> >> by the bootloader. >> >> The patch applies to latest version of the mainline kernel 2.6.35-rc4. >> > >> > Yes, the initramfs measurements are therefore redundant, as they're >> > already included in the initramfs measurement, but perhaps, as the >> > number of initramfs is very limited and the individual file measurements >> > supplies additional information, it wouldn't hurt to keep the individual >> > file measurements as well. These measurements could potentially help in >> > identifying initramfs changes. >> > >> > Would appreciate other opinions before accepting this change. >> >> The hash value of the initramfs is unstable since it was generated >> at the time of kernel installation. >> So still I want to check the individual used file in initramfs. > > If initrd is measured by boot loader then changes to individual files should > not be measured as this IS redundant. Use the new hash of the initrd as an > integrity metric. Why would this not be enough? This depends on remote verifier. Creating the initramfs is client side task and the hash value of initramfs will vary each clients. For me, validation of current measurements is easier than validation of initramfs. And it seems the overhead of this redundancy is less painful. But some system can validate (or trust) the initramfs measured by IPL. So, I would suggest that add Kconfig option to change the default policy. IMHO, if the eventlog contains fsmagic information for each measurements. Verifier can skip the validation of RAMFS measurement easily. -- Seiji -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists