lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f42d49d2e876379c0ef6e31a34027be95ffb1375.camel@linux.ibm.com>
Date:   Thu, 14 Jan 2021 11:50:34 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
        Paul Moore <paul@...l-moore.com>,
        Sasha Levin <sashal@...nel.org>
Cc:     Tushar Sugandhi <tusharsu@...ux.microsoft.com>,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        casey@...aufler-ca.com, agk@...hat.com, snitzer@...hat.com,
        gmazyland@...il.com, tyhicks@...ux.microsoft.com,
        James Morris <jmorris@...ei.org>,
        linux-integrity@...r.kernel.org, selinux@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, dm-devel@...hat.com
Subject: Re: [PATCH v10 8/8] selinux: include a consumer of the new IMA
 critical data hook

On Thu, 2021-01-14 at 11:44 -0500, Mimi Zohar wrote:
> [Cc'ing Sasha]
> 
> Hi Lakshmi,
> 
> On Thu, 2021-01-14 at 08:22 -0800, Lakshmi Ramasubramanian wrote:
> > On 1/13/21 6:49 PM, Mimi Zohar wrote:
> 
> > >>> Lakshmi is trying to address the situation where an event changes a
> > >>> value, but then is restored to the original value.  The original and
> > >>> subsequent events are measured, but restoring to the original value
> > >>> isn't re-measured.  This isn't any different than when a file is
> > >>> modified and then reverted.
> > >>>
> > >>> Instead of changing the name like this, which doesn't work for files,
> > >>> allowing duplicate measurements should be generic, based on policy.
> > >>
> > >> Perhaps it is just the end of the day and I'm a bit tired, but I just
> > >> read all of the above and I have no idea what your current thoughts
> > >> are regarding this patch.
> > > 
> > > Other than appending the timestamp, which is a hack, the patch is fine.
> > > Support for re-measuring an event can be upstreamed independently.
> > > 
> > 
> > Thanks for clarifying the details related to duplicate measurement 
> > detection and re-measuring.
> > 
> > I will keep the timestamp for the time being, even though its a hack, as 
> > it helps with re-measuring state changes in SELinux. We will add support 
> > for "policy driven" re-measurement as a subsequent patch series.
> 
> Once including the timestamp is upstreamed, removing it will be
> difficult, especially if different userspace applications are dependent
> on it.  Unless everyone is on board that removing the timestamp
> wouldn't be considered a regression, it cannot be upstreamed.

Feel free to just re-post just this one patch.  Otherwise the patch set
looks good.

thanks,

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ