lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87wqvdli1o.fsf@xmission.com>
Date:	Tue, 15 Jan 2013 23:10:27 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	Vivek Goyal <vgoyal@...hat.com>, linux-kernel@...r.kernel.org,
	pjones@...hat.com, hpa@...or.com, dhowells@...hat.com,
	jwboyer@...hat.com
Subject: Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary

Mimi Zohar <zohar@...ux.vnet.ibm.com> writes:

> Please remind me why you can't use IMA-appraisal, which was upstreamed
> in Linux 3.7?  Why another method is needed?

Good question Vivek?  

I remeber there was a slight mismatch in the desired attributes.  In
particular we want signatures that are not generated on the local
machine.

> With IMA-appraisal, there are a couple of issues that would still need
> to be addressed:
> - missing the ability to specify the validation method required.
> - modify the ima_appraise_tcb policy policy to require elf executables
> to be digitally signed.
> - security_bprm_check() is called before the binary handler is known.
>
> The first issue is addressed by a set of patches queued to be upstreamed
> in linux-integrity/next-ima-appraise-status.
>
> To address the last issue would either require moving the existing
> bprm_check or defining a new hook after the binary handler is known.

Even if there is a small mismatch it certainly sounds like something to
investigate.  There are a lot of pieces flying around with IMA so an
appropriate model of what needs to happen isn't in my head.  As opposed
to a signature in an ELF executable and a key in the kernel.

Hooks aside in an IMA world where does the signing key live?  Where does
the signature live?

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ