| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 May 2017 16:48:44 -0400 From: Ken Goldman <kgold@...ux.vnet.ibm.com> To: linux-ima-devel@...ts.sourceforge.net Cc: linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [Linux-ima-devel] [PATCH 0/7] IMA: new parser for ima_restore_measurement_list() On 5/18/2017 5:38 AM, Roberto Sassu wrote: > On 5/17/2017 6:28 PM, Ken Goldman wrote: >> On 5/17/2017 3:25 AM, Roberto Sassu wrote: >>> >>> The format of digestN is: <algo name>:\0<digest value>, the same used >>> for the file digest. >> >> Since the format is changing from the SHA-1 log format anyway ... >> >> How do people feel about the colon and null terminated string format for >> algorithm identifiers? >> >> The TCG standard enumerations are uint16_t, and there is a registry of >> hash algorithms. >> >> As a consuming parser, it feels nice to know it's always 2 bytes and not >> have to worry about a missing colon or a missing nul terminator risking >> a buffer overflow. > > There cannot be buffer overflow, because the length of each digest > field is known. > > Roberto > I was not referring to the digest, but the digest algorithm. I wanted opinions on the colon and null terminated string format for algorithm identifiers. The TCG standard log uses the TCG standard enumerations. They're always exactly 2 bytes. Parsing is trivial. If IMA uses strings, the attacker can send, e.g., sha1: and not null terminate it. A careful parser can go a byte at a time until it reaches a maximum length - if you specify a maximum length. But it is an attack surface. Is there a corresponding advantage?
Powered by blists - more mailing lists