lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <1576694616.4579.412.camel@linux.ibm.com>
Date:   Wed, 18 Dec 2019 13:43:36 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Florent Revest <revest@...omium.org>,
        Casey Schaufler <casey@...aufler-ca.com>,
        linux-integrity@...r.kernel.org, Matthew Garrett <mjg59@...gle.com>
Cc:     jmorris@...ei.org, serge@...lyn.com, revest@...gle.com,
        allison@...utok.net, armijn@...ldur.nl, bauerman@...ux.ibm.com,
        linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org, kpsingh@...omium.org
Subject: Re: [PATCH] integrity: Expose data structures required for
 include/linux/integrity.h

On Wed, 2019-12-18 at 17:56 +0100, Florent Revest wrote:
> On Wed, 2019-12-18 at 09:28 -0500, Mimi Zohar wrote:
> > [Cc'ing Matthew]
> > 

> > > There's a major difference between returning just the file hash and
> > > making the integrity_iint_cache structure public. 
> 
> Certainly!
> I am new to this subsystem so I just wanted to get the discussion
> started. I am happy to make a more specific function.
> 
> > > Peter Moody's original code queried the cache[1].  Why do you need
> > > access to the structure itself?
> > > FYI, if/when we get to IMA namespacing, the cache structure will
> > > change.
> > > 
> > > [1] ima: add the ability to query ima for the hash of a given file.
> > 
> > If you're using Peter's patch, or something similar, I'd appreciate
> > your taking the time to upstream it.
> 
> Thank you for pointing me to Peter's patch! No one in my team was aware
> of his work on this. Ugh!
> It appears that Peter left the company while trying to upstream his
> patch and the situation just got stuck there for 4+ years now.
> 
> If you are still positive about the idea of a ima_file_hash function, I
> will take his v6 patch (this is the latest I could find on the
> sourceforce archives of linux-ima-devel), rebase it, take your comments
> into account and send a new version by the end of the week.

Matthew also wasn't aware of Peter's patch, until I sent it to him.  I
assume they're using it or something similar.  Please coordinate with
him, before refreshing and posting the patch.

thanks,

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ