lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 12 Aug 2020 10:18:41 -0400
From:   Chuck Lever <chucklever@...il.com>
To:     James Morris <jmorris@...ei.org>
Cc:     Mimi Zohar <zohar@...ux.ibm.com>,
        James Bottomley <James.Bottomley@...senPartnership.com>,
        Deven Bowers <deven.desai@...ux.microsoft.com>,
        Pavel Machek <pavel@....cz>, Sasha Levin <sashal@...nel.org>,
        snitzer@...hat.com, dm-devel@...hat.com,
        tyhicks@...ux.microsoft.com, agk@...hat.com,
        Paul Moore <paul@...l-moore.com>,
        Jonathan Corbet <corbet@....net>, nramas@...ux.microsoft.com,
        serge@...lyn.com, pasha.tatashin@...een.com,
        Jann Horn <jannh@...gle.com>, linux-block@...r.kernel.org,
        Al Viro <viro@...iv.linux.org.uk>,
        Jens Axboe <axboe@...nel.dk>, mdsakib@...rosoft.com,
        open list <linux-kernel@...r.kernel.org>, eparis@...hat.com,
        linux-security-module@...r.kernel.org, linux-audit@...hat.com,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        linux-integrity@...r.kernel.org,
        jaskarankhurana@...ux.microsoft.com
Subject: Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM
 (IPE)



> On Aug 11, 2020, at 5:03 PM, James Morris <jmorris@...ei.org> wrote:
> 
> On Sat, 8 Aug 2020, Chuck Lever wrote:
> 
>> My interest is in code integrity enforcement for executables stored
>> in NFS files.
>> 
>> My struggle with IPE is that due to its dependence on dm-verity, it
>> does not seem to able to protect content that is stored separately
>> from its execution environment and accessed via a file access
>> protocol (FUSE, SMB, NFS, etc).
> 
> It's not dependent on DM-Verity, that's just one possible integrity 
> verification mechanism, and one of two supported in this initial 
> version. The other is 'boot_verified' for a verified or otherwise trusted 
> rootfs. Future versions will support FS-Verity, at least.
> 
> IPE was designed to be extensible in this way, with a strong separation of 
> mechanism and policy.

I got that, but it looked to me like the whole system relied on having
access to the block device under the filesystem. That's not possible
for a remote filesystem like Ceph or NFS.

I'm happy to take a closer look if someone can point me the right way.


--
Chuck Lever
chucklever@...il.com



Powered by blists - more mailing lists