[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1227231596.2819.102.camel@localhost.localdomain>
Date: Thu, 20 Nov 2008 20:39:56 -0500
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Dave Hansen <dave@...ux.vnet.ibm.com>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
James Morris <jmorris@...ei.org>,
Christoph Hellwig <hch@...radead.org>,
Al Viro <viro@...IV.linux.org.uk>,
David Safford <safford@...son.ibm.com>,
Serge Hallyn <serue@...ux.vnet.ibm.com>,
Mimi Zohar <zohar@...ibm.com>, Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 3/4] integrity: IMA as an integrity service provider
On Thu, 2008-11-20 at 13:22 -0800, Dave Hansen wrote:
> On Thu, 2008-11-20 at 11:43 -0500, Mimi Zohar wrote:
> >
> > + /* Invalidate PCR, if a measured file is already open for read
> > */
> > + if ((mask == MAY_WRITE) || (mask == MAY_APPEND)) {
> > + int mask_sav = data->mask;
> > + int rc;
> > +
> > + data->mask = MAY_READ;
> > + rc = ima_must_measure(&idata);
> > + if (!rc) {
> > + if (atomic_read(&(data->dentry->d_count)) - 1 >
> > + atomic_read(&(inode->i_writecount)))
> > + ima_add_violation(inode, data->filename,
> > + "invalid_pcr", "ToMToU");
> > + }
> > + data->mask = mask_sav;
> > + goto out;
> > + }
>
> Following up on Christoph's comment...
>
> I'm worried that this calculation isn't very precise. The calculation
> that you're trying to come up with here is the number of opens (d_count)
> vs. the number of writers (i_writecount). When they don't match, you
> know that the new open is the first write, and you must 'invalidate the
> PCR'?
>
> There are a number of things that elevate d_count, and it is a lot more
> than just an open() that can do it. Is that OK?
>
> -- Dave
>>From an integrity perspective, a file measurement might be invalidated
unnecessarily, but it is safe. For any file when opened for write, while
having an existing reader, will cause the file measurement to be
invalidated. Can you give examples of things, other than open(), that
elevate d_count?
Is there a different, better way to determine if there are any readers?
Thanks!
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists