Message-ID: <1337956828.2351.68.camel@falcor>
Date:	Fri, 25 May 2012 10:40:28 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	David Howells <dhowells@...hat.com>
Cc:	"Kasatkin, Dmitry" <dmitry.kasatkin@...el.com>,
	Rusty Russell <rusty@...tcorp.com.au>, kyle@...artin.ca,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org
Subject: Re: [PATCH 00/23] Crypto keys and module signing

On Fri, 2012-05-25 at 14:53 +0100, David Howells wrote:
> Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> 
> > The issue here is whether we want the integrity metadata for kernel
> > modules to be stored differently than for all other files.
> 
> Surely it's handled differently.  The kernel is told by insmod what the
> signature should be in your scheme rather than going looking for it itself.  In
> such a case, why not include the signature in the module file?  It's more
> efficient on the filesystem, doesn't require xattr support and is easier for
> things like the initramfs composer to deal with.

Yes, unfortunately, it is handled differently.  Instead of passing a
file descriptor, a buffer containing the file data is passed.  Without
the file descriptor, you also need to pass the file metadata, in this
case, the signature as well.  Whether the signature is passed as a
separate parameter or appended to the file, it still is being passed to
the kernel.

> Btw, am I right in thinking that with IMA, the kernel itself normally goes and
> finds the signature (if there is one) for a file when it needs to open a file?
> Do you only check the IMA when exec'ing a file or whenever you open it?
> 
> David

IMA measures a file and appraises file data integrity based on the IMA
measurement/appraisal policy.  There are currently 3 hooks: open -
ima_file_check(), exec - ima_bprm_check() and mmap - ima_file_mmap().

I don't know the reasons or history for passing the file data content,
instead of a file descriptor, but if a file descriptor were passed, then
module integrity appraisal could simply be another integrity hook.

Mimi
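The exchange above turns on one point: whether the signature travels appended to the module buffer or as separate metadata (a parameter, or an xattr on a real file), the kernel ends up with the same two inputs, the file data and its signature, and runs the same appraisal. The following is an added example, not code from the thread or from the kernel: it uses a constructed trailer layout (`EXAMPLE-SIG` marker, length field, MAC) and an HMAC-SHA256 as a stand-in for the asymmetric module signature, so the shape of the check can be shown without real keys.

```python
import hashlib
import hmac
import struct

# Constructed trailer marker; the real kernel module-signature format is not
# described on this page and this layout does not claim to match it.
MAGIC = b"EXAMPLE-SIG"
MAC_LEN = 32  # HMAC-SHA256 output size


def compute_mac(data: bytes, key: bytes) -> bytes:
    """Stand-in for signing: HMAC-SHA256 over the module data."""
    return hmac.new(key, data, hashlib.sha256).digest()


def append_signature(module_data: bytes, key: bytes) -> bytes:
    """Produce the 'signature appended to the module file' form.

    Constructed layout: data || mac(32) || mac_len(4, big-endian) || MAGIC
    """
    mac = compute_mac(module_data, key)
    return module_data + mac + struct.pack(">I", len(mac)) + MAGIC


def split_signed_buffer(blob: bytes):
    """Split a buffer carrying an appended trailer into (data, mac).

    Raises ValueError when the trailer is absent or malformed, which is the
    case the loader must treat as 'unsigned' rather than silently accept.
    """
    if not blob.endswith(MAGIC):
        raise ValueError("no signature trailer")
    body = blob[: -len(MAGIC)]
    if len(body) < 4:
        raise ValueError("truncated trailer")
    (mac_len,) = struct.unpack(">I", body[-4:])
    body = body[:-4]
    if mac_len != MAC_LEN or len(body) < mac_len:
        raise ValueError("bad signature length")
    return body[:-mac_len], body[-mac_len:]


def appraise(data: bytes, mac: bytes, key: bytes) -> bool:
    """The single appraisal step both storage forms reduce to."""
    return hmac.compare_digest(mac, compute_mac(data, key))


def appraise_appended(blob: bytes, key: bytes) -> bool:
    """Kernel-side check when insmod passes one buffer with the trailer."""
    data, mac = split_signed_buffer(blob)
    return appraise(data, mac, key)


def appraise_separate(data: bytes, metadata_sig: bytes, key: bytes) -> bool:
    """Kernel-side check when the signature arrives separately (a parameter,
    or integrity metadata read from an xattr on a file descriptor)."""
    return appraise(data, metadata_sig, key)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    module = b"\x7fELF constructed fake module bytes"
    blob = append_signature(module, key)
    print("appended ok:", appraise_appended(blob, key))
    print("separate ok:", appraise_separate(module, compute_mac(module, key), key))
    tampered = b"!" + blob[1:]
    print("tampered rejected:", not appraise_appended(tampered, key))
```

`appraise_appended` and `appraise_separate` differ only in how the two inputs are obtained; the verification itself is shared, which is the point made in the reply. The trailer parser deliberately raises on a missing or malformed trailer so that a buffer without a signature cannot be confused with a validly signed one.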
