lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101018145930.GE4120@thunk.org>
Date:	Mon, 18 Oct 2010 10:59:30 -0400
From:	Ted Ts'o <tytso@....edu>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Eric Paris <eparis@...hat.com>, Eric Paris <eparis@...isplace.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Christoph Hellwig <hch@...radead.org>,
	Dave Chinner <david@...morbit.com>,
	linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ibm.com>,
	warthog9@...nel.org, hpa@...or.com, devel@...ts.fedoraprojet.org
Subject: Re: ima: use of radix tree cache indexing == massive waste of
 memory?

On Mon, Oct 18, 2010 at 01:57:28PM +0200, Peter Zijlstra wrote:
> Well, you could use the actual freezer to freeze luserspace and then
> simply iterate all open files, I mean, those few sods who actually want
> this enabled can either pass a boot option to enable from boot or suffer
> the overhead on enable, right?

I'm a little confused why anyone would want to turn on IMA at any time
other than right away at boot?  If you haven't been doing integrity
management checking from the very beginning of the boot process, what
does turning on IMA after the system has booted buy you in the way of
security protections?

In other words, turning on IMA via a boot option seems to be the only
thing that makes any sense at all.

      	   	 				- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ