Message-ID: <1592233145.11061.129.camel@linux.ibm.com>
Date: Mon, 15 Jun 2020 10:59:05 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Stephen Smalley <stephen.smalley.work@...il.com>,
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
Cc: Stephen Smalley <stephen.smalley@...il.com>,
Casey Schaufler <casey@...aufler-ca.com>,
James Morris <jmorris@...ei.org>,
linux-integrity@...r.kernel.org,
LSM List <linux-security-module@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 5/5] LSM: Define workqueue for measuring security module state
On Mon, 2020-06-15 at 09:33 -0400, Stephen Smalley wrote:
> On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
> <nramas@...ux.microsoft.com> wrote:
> >
> > The data maintained by the security modules could be tampered with by
> > malware. The LSM needs to periodically query the state of
> > the security modules and measure the data when the state is changed.
> >
> > Define a workqueue for handling this periodic query and measurement.
>
> Won't this make it difficult/impossible to predict the IMA PCR value?
> Unless I missed it, you are going to end up measuring every N minutes
> even if there was no change and therefore constantly be extending the
> PCR. That will break attestation or sealing against the IMA PCR.
Even if it attempts to add the same measurement to the list multiple
times, unless something changed, there should only be one measurement
in the list.
Mimi
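The behaviour Mimi describes, modelled as an added example (not code from this thread or from the kernel): a measurement list that keeps a digest lookup table, so a periodic re-measurement of unchanged LSM state adds no entry and does not extend the simulated PCR, while a changed state does. The PCR is modelled as a SHA-256 hash chain, the `lsm-state` name and the state byte strings are constructed for the example.

```python
import hashlib

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr, digest):
    """TPM-style extend: PCR' = SHA-256(PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


class MeasurementList:
    """Ordered measurement log plus a digest lookup table (simulation, not IMA's code)."""

    def __init__(self):
        self.entries = []   # ordered log of (name, digest hex)
        self.seen = set()   # digests already in the list; a repeat is not re-added
        self.pcr = PCR_INIT

    def measure(self, name, data):
        """Record (name, data) once; extend the PCR only when the digest is new."""
        digest = hashlib.sha256(name.encode() + b"\x00" + data).digest()
        if digest in self.seen:
            return False            # unchanged: no new entry, PCR untouched
        self.seen.add(digest)
        self.entries.append((name, digest.hex()))
        self.pcr = pcr_extend(self.pcr, digest)
        return True


def simulate_periodic_query(snapshots):
    """Model a workqueue that re-queries LSM state on every tick and measures it.

    Returns (number of list entries, final PCR hex). Identical snapshots collapse
    to one entry, so the PCR depends only on the distinct states observed, not
    on how many ticks the workqueue ran.
    """
    ml = MeasurementList()
    for state in snapshots:
        ml.measure("lsm-state", state)   # constructed measurement name
    return len(ml.entries), ml.pcr.hex()


if __name__ == "__main__":
    steady = [b"selinux=enforcing"] * 5            # constructed sample states
    print(simulate_periodic_query(steady))         # one entry despite five ticks
    print(simulate_periodic_query([b"selinux=enforcing", b"selinux=permissive"]))
```

Note that the lookup is by digest over the whole list, so a state that changes and then changes back (A, B, A) yields two entries, not three: the list records distinct states, not transitions.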