Message-Id: <1227231596.2819.102.camel@localhost.localdomain>
Date:	Thu, 20 Nov 2008 20:39:56 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Dave Hansen <dave@...ux.vnet.ibm.com>
Cc:	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>,
	Christoph Hellwig <hch@...radead.org>,
	Al Viro <viro@...IV.linux.org.uk>,
	David Safford <safford@...son.ibm.com>,
	Serge Hallyn <serue@...ux.vnet.ibm.com>,
	Mimi Zohar <zohar@...ibm.com>, Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 3/4] integrity: IMA as an integrity service provider

On Thu, 2008-11-20 at 13:22 -0800, Dave Hansen wrote: 
> On Thu, 2008-11-20 at 11:43 -0500, Mimi Zohar wrote:
> > 
> > +       /* Invalidate PCR, if a measured file is already open for read
> > */
> > +       if ((mask == MAY_WRITE) || (mask == MAY_APPEND)) {
> > +               int mask_sav = data->mask;
> > +               int rc;
> > +
> > +               data->mask = MAY_READ;
> > +               rc = ima_must_measure(&idata);
> > +               if (!rc) {
> > +                       if (atomic_read(&(data->dentry->d_count)) - 1 >
> > +                           atomic_read(&(inode->i_writecount)))
> > +                               ima_add_violation(inode, data->filename,
> > +                                                 "invalid_pcr", "ToMToU");
> > +               }
> > +               data->mask = mask_sav;
> > +               goto out;
> > +       }
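
Review bot: The test `(mask == MAY_WRITE) || (mask == MAY_APPEND)` at the top of this hunk compares for equality, so a mask that combines bits (for example MAY_READ together with MAY_WRITE) would not enter the block and the ToMToU check would be skipped. If callers can pass combined masks, a bitwise test such as `mask & (MAY_WRITE | MAY_APPEND)` would cover them. The `d_count - 1 > i_writecount` comparison also reads the two atomics separately, with no lock visible in these lines, and the `- 1` is unexplained. A comment stating which reference is being discounted, and what keeps the two counters consistent while they are compared, would make the check reviewable.
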
> 
> Following up on Christoph's comment...
> 
> I'm worried that this calculation isn't very precise.  The calculation
> that you're trying to come up with here is the number of opens (d_count)
> vs. the number of writers (i_writecount).  When they don't match, you
> know that the new open is the first write, and you must 'invalidate the
> PCR'?
> 
> There are a number of things that elevate d_count, and it is a lot more
> than just an open() that can do it.  Is that OK?
> 
> -- Dave

From an integrity perspective, a file measurement might be invalidated
unnecessarily, but it is safe. Any file, when opened for write while
having an existing reader, will cause the file measurement to be
invalidated. Can you give examples of things, other than open(), that
elevate d_count?

Is there a different, better way to determine if there are any readers?

Thanks!

Mimi
