lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTilI8klNawzxVc-wxREJwktBKW2G4GvYeyMueGJM@mail.gmail.com>
Date:	Wed, 14 Jul 2010 15:29:15 +0900
From:	Seiji Munetoh <seiji.munetoh@...il.com>
To:	Shaz <shazalive@...il.com>
Cc:	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	linux-ima-user@...ts.sourceforge.net,
	linux-security-module@...r.kernel.org,
	Roberto Sassu <roberto.sassu@...ito.it>,
	linux-kernel@...r.kernel.org, Eric Paris <eparis@...hat.com>
Subject: Re: [Linux-ima-user] [RFC][PATCH] ima: add default rule for initramfs 
	files

On Wed, Jul 14, 2010 at 2:42 PM, Shaz <shazalive@...il.com> wrote:
>
>
> On Wed, Jul 14, 2010 at 3:08 AM, Seiji Munetoh <seiji.munetoh@...il.com>
> wrote:
>>
>> On Thu, Jul 8, 2010 at 10:14 PM, Mimi Zohar <zohar@...ux.vnet.ibm.com>
>> wrote:
>> > On Tue, 2010-07-06 at 17:08 +0200, Roberto Sassu wrote:
>> >> This patch modifies the default policy shipped with IMA, in order to
>> >> avoid measurements
>> >> of files in the initial ramdisk. Those files can be measured early in
>> >> the boot process
>> >> by the bootloader.
>> >> The patch applies to latest version of the mainline kernel 2.6.35-rc4.
>> >
>> > Yes, the initramfs measurements are therefore redundant, as they're
>> > already included in the initramfs measurement, but perhaps, as the
>> > number of initramfs is very limited and the individual file measurements
>> > supplies additional information, it wouldn't hurt to keep the individual
>> > file measurements as well.  These measurements could potentially help in
>> > identifying initramfs changes.
>> >
>> > Would appreciate other opinions before accepting this change.
>>
>> The hash value of the initramfs is unstable since it was generated
>> at the time of kernel installation.
>> So still I want to check  the individual used file in initramfs.
>
> If initrd is measured by boot loader then changes to individual files should
> not be measured as this IS redundant. Use the new hash of the initrd as an
> integrity metric. Why would this not be enough?

This depends on remote verifier.
Creating the initramfs is client side task and  the hash value of initramfs
will vary each clients.

For me, validation of  current measurements is easier than validation of
initramfs. And it seems the overhead of this redundancy is less painful.

But some system can validate (or trust) the initramfs measured by IPL.
So, I would suggest that add Kconfig option to change the default policy.

IMHO, if the eventlog contains fsmagic information for each measurements.
Verifier can skip the validation of RAMFS measurement easily.

--
Seiji
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ