| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jan 2018 06:23:51 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Dongsu Park <dongsu@...volk.io>,
LKML <linux-kernel@...r.kernel.org>
Cc: Alban Crequy <alban@...volk.io>,
Miklos Szeredi <miklos@...redi.hu>,
Seth Forshee <seth.forshee@...onical.com>
Subject: Re: [PATCH 0/2] turn on force option for FUSE in builtin policies
On Tue, 2018-01-16 at 12:09 +0100, Dongsu Park wrote:
> Hi,
>
> On Thu, Jan 11, 2018 at 8:51 PM, Dongsu Park <dongsu@...volk.io> wrote:
> > In case of FUSE filesystem, cached integrity results in IMA could be
> > reused, when the userspace FUSE process has changed the
> > underlying files. To be able to avoid such cases, we need to turn on
> > the force option in builtin policies, for actions of measure and
> > appraise. Then integrity values become re-measured and re-appraised.
> > In that way, cached integrity results won't be used.
>
> Since yesterday Alban and I have been working on a different approach
> that does not depend on IMA rules, nor fsmagic. Please see:
> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1587390.html
>
> If that's ok, I'm ready to discard this patchset.
You dropped a number of people involved in this discussion and mailing
lists. Please post the proposed patch inline as an RFC, cc'ing the
same people, those involved in the discussion, and previous mailing
lists, including LSM, integrity, and fsdevel.
thanks,
Mimi
Powered by blists - more mailing lists