| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2c613462-825e-a3d1-9bf2-2314f0c1a4da@linux.microsoft.com>
Date: Wed, 4 Dec 2019 14:43:59 -0800
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Mimi Zohar <zohar@...ux.ibm.com>, linux-integrity@...r.kernel.org
Cc: Mat Martineau <mathew.j.martineau@...ux.intel.com>,
eric.snowberg@...cle.com, dhowells@...hat.com,
matthewgarrett@...gle.com, sashal@...nel.org,
jamorris@...ux.microsoft.com, linux-kernel@...r.kernel.org,
keyrings@...r.kernel.org
Subject: Re: [PATCH v9 5/6] IMA: Add support to limit measuring keys
On 12/4/19 3:16 AM, Mimi Zohar wrote:
Hi Mimi,
>
> The integrity subsystem, and other concepts upstreamed to support it,
> are being used by different people/companies in different ways. I
> know some of the ways, but not all, as how it is being used. For
> example, Mat Martineau gave an LSS2019-NA talk titled "Using and
> Implementing Keyring Restrictions for Userspace". I don't know if he
> would be interested in measuring keys on these restricted userspace
> keyrings, but before we limit how a new feature works, we should at
> least look to see if that limitation is really necessary.
>
> Mimi
I have updated the patch per your suggestion - if uid is specified in
the policy for key measurement, then it is checked against the current
user's credential.
Please review the updated patch set (v10).
thanks,
-lakshmi
Powered by blists - more mailing lists