lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 2 Dec 2021 11:45:15 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     jejb@...ux.ibm.com, linux-integrity@...r.kernel.org
Cc:     zohar@...ux.ibm.com, serge@...lyn.com,
        christian.brauner@...ntu.com, containers@...ts.linux.dev,
        dmitry.kasatkin@...il.com, ebiederm@...ssion.com,
        krzysztof.struczynski@...wei.com, roberto.sassu@...wei.com,
        mpeters@...hat.com, lhinds@...hat.com, lsturman@...hat.com,
        puiterwi@...hat.com, jamjoom@...ibm.com,
        linux-kernel@...r.kernel.org, paul@...l-moore.com, rgb@...hat.com,
        linux-security-module@...r.kernel.org, jmorris@...ei.org
Subject: Re: [RFC 08/20] ima: Move measurement list related variables into
 ima_namespace


On 12/2/21 11:29, James Bottomley wrote:
> On Thu, 2021-12-02 at 08:41 -0500, Stefan Berger wrote:
>> On 12/2/21 07:46, James Bottomley wrote:
>>> On Tue, 2021-11-30 at 11:06 -0500, Stefan Berger wrote:
>>>> Move measurement list related variables into the ima_namespace.
>>>> This
>>>> way a
>>>> front-end like SecurityFS can show the measurement list inside an
>>>> IMA
>>>> namespace.
>>>>
>>>> Implement ima_free_measurements() to free a list of measurements
>>>> and call it when an IMA namespace is deleted.
>>> This one worries me quite a lot.  What seems to be happening in
>>> this
>>> code:
>>>
>>>> @@ -107,7 +100,7 @@ static int ima_add_digest_entry(struct
>>>> ima_namespace *ns,
>>>>           qe->entry = entry;
>>>>    
>>>>           INIT_LIST_HEAD(&qe->later);
>>>> -       list_add_tail_rcu(&qe->later, &ima_measurements);
>>>> +       list_add_tail_rcu(&qe->later, &ns->ima_measurements);
>>>>    
>>>>           atomic_long_inc(&ns->ima_htable.len);
>>>>           if (update_htable) {
>>>>
>>> is that we now only add the measurements to the namespace list, but
>>> that list is freed when the namespace dies.  However, the
>>> measurement
>>> is still extended through the PCRs meaning we have incomplete
>>> information for a replay after the namespace dies?
>> *Not at all.* The measurement list of the namespace is independent
>> of
>> the host.
>>
>> The cover letter states:
> I get that the host can set up a policy to log everything in the
> namespace, but that wasn't my question.  My question is can the guest
> set up a policy to log something that doesn't go into the host log
> (because the host hasn't asked for it to be logged) but extends a PCR
> anyway, thus destroying the ability of the host to do log replay.


host log goes with host TPM and vice versa

guest log goes with (optional) vTPM and vice version

Extending the PCR of the host's TPM would require the data to be logged 
in the host log as well. So, no, it's not possible.


    Stefan


>
> James
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ