lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEFn8qK9Tg99PA_=Ukm=CwSE6ajjUL2FxLs0ZiVdGLvG_baK_A@mail.gmail.com>
Date:   Wed, 19 Jun 2019 11:08:56 -0700
From:   prakhar srivastava <prsriva02@...il.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>,
        linux-integrity <linux-integrity@...r.kernel.org>,
        linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH 2/3] IMA:Define a new template field buf

<snip>
> >       if (iint->measured_pcrs & (0x1 << pcr))
> > diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> > index 993d0f1915ff..c8591406c0e2 100644
> > --- a/security/integrity/ima/ima_init.c
> > +++ b/security/integrity/ima/ima_init.c
> > @@ -50,7 +50,7 @@ static int __init ima_add_boot_aggregate(void)
> >       struct ima_template_entry *entry;
> >       struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
> >       struct ima_event_data event_data = {iint, NULL, boot_aggregate_name,
> > -                                         NULL, 0, NULL};
> > +                                         NULL, 0, NULL, NULL, 0};
> >       int result = -ENOMEM;
> >       int violation = 0;
> >       struct {
> >
>
> These changes shouldn't be necessary.  Please rebase these patches on
> top of the latest next-queued-testing branch (git remote update).  "IMA: support for per
> policy rule template formats" is still changing.
>
> Minor nit.  When re-posting the patches please update the patch titles
> so that there is a space between the subsystem name and the patch
> title (eg. "ima: define ...").
>
I believe the above event_data changes are needed, to store/read the
buffer length and buffer itself. The only exception will be if needed will be to
remove ima-buf as a template instead used a template_fmt in the policy
with KEXEC_CMDLINE from the "IMA: support for per
 policy rule template formats" is still changing.".
In my view even ima-buf is needed as it simplifies the usage.

Please let me know if I misunderstood your comment.
> Mimi
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ