| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081204192412.GA22390@hallyn.com> Date: Thu, 4 Dec 2008 13:24:12 -0600 From: "Serge E. Hallyn" <serge@...lyn.com> To: Christoph Hellwig <hch@...radead.org> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, James Morris <jmorris@...ei.org>, Al Viro <viro@...IV.linux.org.uk>, David Safford <safford@...son.ibm.com>, Serge Hallyn <serue@...ux.vnet.ibm.com>, Mimi Zohar <zohar@...ibm.com> Subject: Re: [PATCH 2/6] integrity: Linux Integrity Module(LIM) Quoting Christoph Hellwig (hch@...radead.org): > On Wed, Dec 03, 2008 at 05:17:35PM -0500, Mimi Zohar wrote: > > > I have a bit of a problem parsing the above, and it certainly doesn't > > > look like a justification for keeping all that unused code around. > > > > The purpose of LIM is to provide an integrity infrastructure to support > > different types of integrity data. IMA implements both the LIM > > API for it's own internal use, and exports it for others to call. > > > > As Dave Safford pointed out in http://lkml.org/lkml/2008/11/17/362, > > there are other projects that want to add differently structured > > measurements to the TPM measurement list. The template abstraction is > > critical to allowing these differently formatted messages to be added to > > the list. > > I think we're talking past each other. > > In integrity.h there are two operation vectors defines: > > - struct integrity_operations delcares the operations called from the > VFS. This one is actually used. While I don't agree to Dave's > argument, because we don't put bloat in just because people might > eventually some day use it when they are in the right mood and the > sun shines, thisn't isn't the one I'm talking about in this thread. > - struct template_operations on the others is not only really badly > named for appearing in a global header but also not used in a > meaningfull way. There is one single instace of it, > ima_template_ops, and while there are five helpers added in the > second patch that use it (integrity_collect_measurement, > integrity_appraise_measurement, integrity_store_measurement, > integrity_store_template, integrity_must_measure) none of them > is used at all during the patch series. There are two direct > uses of these template added in the third path, to implement the > show operations for the "binary_runtime_measurements" and > "ascii_runtime_measurements" files ins securityfs, but given that > those are inside ima there no reason for the indirection at all. Yeah I can definately see that. Mimi, you used to have another template (I thought) which just tracked security_ops to try and prevent subversion of the LSM hooks. Or something like that. That was a separate template_ops, right? Can you post that again? That might answer both Christoph's query about the usefulness of the indirection, and Dave's question about "how could I use this, anyway". If you do repost it, please be very clear about what it is expected to do/protect against, and how, using no acronyms which you don't define on first use :) thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists