| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130121164213.GB27617@redhat.com> Date: Mon, 21 Jan 2013 11:42:13 -0500 From: Vivek Goyal <vgoyal@...hat.com> To: Mimi Zohar <zohar@...ux.vnet.ibm.com> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, linux-kernel@...r.kernel.org, pjones@...hat.com, hpa@...or.com, dhowells@...hat.com, jwboyer@...hat.com Subject: Re: [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary On Tue, Jan 15, 2013 at 11:55:59PM -0500, Mimi Zohar wrote: [..] > Please remind me why you can't use IMA-appraisal, which was upstreamed > in Linux 3.7? Why another method is needed? So is this IMA-appraisal also supports digital signatures? The IMA white paper seems to put digital signatures in separate category (IMA-Appraisal-Signature-Extension). > > With IMA-appraisal, there are a couple of issues that would still need > to be addressed: > - missing the ability to specify the validation method required. > - modify the ima_appraise_tcb policy policy to require elf executables > to be digitally signed. For my use case, all executable don't have to be digitally signed. If something is digitally signed then do the signature verification. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists