lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 12 Nov 2021 11:12:09 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Roberto Sassu <roberto.sassu@...wei.com>
Cc:     tytso@....edu, corbet@....net, viro@...iv.linux.org.uk,
        hughd@...gle.com, akpm@...ux-foundation.org,
        linux-fscrypt@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC][PATCH 5/5] shmem: Add fsverity support

On Fri, Nov 12, 2021 at 01:44:11PM +0100, Roberto Sassu wrote:
> Make the necessary modifications to support fsverity in tmpfs.
> 
> First, implement the fsverity operations (in a similar way of f2fs). These
> operations make use of shmem_read_mapping_page() instead of
> read_mapping_page() to handle the case where the page has been swapped out.
> The fsverity descriptor is placed at the end of the file and its location
> is stored in an xattr.
> 
> Second, implement the ioctl operations to enable, measure and read fsverity
> metadata.
> 
> Lastly, add calls to fsverity functions, to ensure that fsverity-relevant
> operations are checked and handled by fsverity (file open, attr set, inode
> evict).
> 
> Fsverity support can be enabled through the kernel configuration and
> remains enabled by default for every tmpfs filesystem instantiated (there
> should be no overhead, unless fsverity is enabled for a file).
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>

I don't see how this makes sense at all.  The point of fs-verity is to avoid
having to hash the whole file when verifying it.  However, obviously the whole
file still has to be hashed to build the Merkle tree in the first place.  That
makes sense for a persistent filesystem where a file can be written once and
verified many times.  I don't see how it makes sense for tmpfs, where files have
to be re-created on every boot.  You might as well just hash the whole file.

Also, you didn't implement actually verifying the data (by calling
fsverity_verify_page()), so this patch doesn't really do anything anyway.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ