| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4634c6c12b2452849f73ed2d5a4d168707e0ac9a.camel@linux.ibm.com>
Date: Fri, 20 Nov 2020 10:49:20 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Tushar Sugandhi <tusharsu@...ux.microsoft.com>,
stephen.smalley.work@...il.com, casey@...aufler-ca.com,
agk@...hat.com, snitzer@...hat.com, gmazyland@...il.com,
paul@...l-moore.com
Cc: tyhicks@...ux.microsoft.com, sashal@...nel.org, jmorris@...ei.org,
nramas@...ux.microsoft.com, linux-integrity@...r.kernel.org,
selinux@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, dm-devel@...hat.com
Subject: Re: [PATCH v6 8/8] selinux: measure state and hash of the policy
using IMA
Hi Tushar, Lakshmi,
On Thu, 2020-11-19 at 15:26 -0800, Tushar Sugandhi wrote:
> From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
>
> IMA measures files and buffer data such as keys, command line arguments
> passed to the kernel on kexec system call, etc. While these measurements
> enable monitoring and validating the integrity of the system, it is not
> sufficient.
The above paragraph would make a good cover letter introduction.
> In-memory data structures maintained by various kernel
> components store the current state and policies configured for
> the components.
Various data structures, policies and state stored in kernel memory
also impact the integrity of the system.
The 2nd paragraph could provide examples of such integrity critical
data.
This patch set introduces a new IMA hook named
ima_measure_critical_data() to measure kernel integrity critical data.
thanks,
Mimi
Powered by blists - more mailing lists