Date:   Fri, 20 Nov 2020 15:40:11 -0800
From:   Lakshmi Ramasubramanian <>
To:     Mimi Zohar <>,
        Tushar Sugandhi <>
Subject: Re: [PATCH v6 8/8] selinux: measure state and hash of the policy
 using IMA

On 11/20/20 7:49 AM, Mimi Zohar wrote:
Hi Mimi,

> On Thu, 2020-11-19 at 15:26 -0800, Tushar Sugandhi wrote:
>> From: Lakshmi Ramasubramanian <>
>> IMA measures files and buffer data such as keys, command line arguments
>> passed to the kernel on kexec system call, etc. While these measurements
>> enable monitoring and validating the integrity of the system, it is not
>> sufficient.
> The above paragraph would make a good cover letter introduction.

Agreed - will add this paragraph to the cover letter as well.

>> In-memory data structures maintained by various kernel
>> components store the current state and policies configured for
>> the components.
> Various data structures, policies and state stored in kernel memory
> also impact the integrity of the system.

Will update.

> The 2nd paragraph could provide examples of such integrity critical
> data.

Will do.

> This patch set introduces a new IMA hook named
> ima_measure_critical_data() to measure kernel integrity critical data.

I am not clear about this one - do you mean add the following line in 
the patch description for the selinux patch?

"This patch introduces the first use of the new IMA hook namely 
ima_measures_critical_data() to measure the integrity critical data for 

