lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 15 Jan 2018 06:48:04 -0800
From:   Christoph Hellwig <hch@...radead.org>
To:     Dongsu Park <dongsu@...volk.io>
Cc:     linux-kernel@...r.kernel.org, Alban Crequy <alban@...volk.io>,
        Miklos Szeredi <miklos@...redi.hu>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        Seth Forshee <seth.forshee@...onical.com>
Subject: Re: [PATCH 0/2] turn on force option for FUSE in builtin policies

On Thu, Jan 11, 2018 at 08:51:48PM +0100, Dongsu Park wrote:
> In case of FUSE filesystem, cached integrity results in IMA could be
> reused, when the userspace FUSE process has changed the
> underlying files. To be able to avoid such cases, we need to turn on
> the force option in builtin policies, for actions of measure and
> appraise. Then integrity values become re-measured and re-appraised.
> In that way, cached integrity results won't be used.

The same is true for any distributed file system.  Checking for magic
numbers is always the wrong thing.  You'll need flags for specific
behavior in struct file_system_type instead.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ