lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <141ce433f026b47edb1d9a8f89e4581db253c579.camel@linux.ibm.com>
Date:   Thu, 02 Dec 2021 07:46:36 -0500
From:   James Bottomley <jejb@...ux.ibm.com>
To:     Stefan Berger <stefanb@...ux.ibm.com>,
        linux-integrity@...r.kernel.org
Cc:     zohar@...ux.ibm.com, serge@...lyn.com,
        christian.brauner@...ntu.com, containers@...ts.linux.dev,
        dmitry.kasatkin@...il.com, ebiederm@...ssion.com,
        krzysztof.struczynski@...wei.com, roberto.sassu@...wei.com,
        mpeters@...hat.com, lhinds@...hat.com, lsturman@...hat.com,
        puiterwi@...hat.com, jamjoom@...ibm.com,
        linux-kernel@...r.kernel.org, paul@...l-moore.com, rgb@...hat.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org
Subject: Re: [RFC 08/20] ima: Move measurement list related variables into
 ima_namespace

On Tue, 2021-11-30 at 11:06 -0500, Stefan Berger wrote:
> Move measurement list related variables into the ima_namespace. This
> way a
> front-end like SecurityFS can show the measurement list inside an IMA
> namespace.
> 
> Implement ima_free_measurements() to free a list of measurements
> and call it when an IMA namespace is deleted.

This one worries me quite a lot.  What seems to be happening in this
code:

> @@ -107,7 +100,7 @@ static int ima_add_digest_entry(struct
> ima_namespace *ns,
>         qe->entry = entry;
>  
>         INIT_LIST_HEAD(&qe->later);
> -       list_add_tail_rcu(&qe->later, &ima_measurements);
> +       list_add_tail_rcu(&qe->later, &ns->ima_measurements);
>  
>         atomic_long_inc(&ns->ima_htable.len);
>         if (update_htable) {
> 

is that we now only add the measurements to the namespace list, but
that list is freed when the namespace dies.  However, the measurement
is still extended through the PCRs meaning we have incomplete
information for a replay after the namespace dies?

I tend to think the way this should work is that until we have a way of
attesting inside the namespace, all measurements should go into the
physical log, so that replay is always complete for the PCRs, so
effectively the visible log of the namespace would always have to be a
subset of the physical log.

James


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ