| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <23e4bce238bee0591ba6fb3566f7b42f6719331f.camel@linux.ibm.com>
Date: Sun, 22 Jan 2023 15:29:54 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>,
Paul Moore <paul@...l-moore.com>
Cc: jmorris@...ei.org, serge@...lyn.com,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk,
Roberto Sassu <roberto.sassu@...wei.com>,
stable@...r.kernel.org
Subject: Re: [PATCH v2] security: Restore passing final prot to
ima_file_mmap()
On Fri, 2023-01-13 at 11:52 +0100, Roberto Sassu wrote:
> > > If we add a new policy keyword, existing policies would not be updated
> > > unless the system administrator notices it. If a remote attestation
> > > fails, the administrator has to look into it.
> >
> > Verifying the measurement list against a TPM quote should work
> > regardless of additional measurements. The attestation server,
> > however, should also check for unknown files.
> >
> > > Maybe we can introduce a new hook called MMAP_CHECK_REQ, so that an
> > > administrator could change the policy to have the current behavior, if
> > > the administrator wishes so.
<snip>
> > However "_REQ" could mean either requested or required.
>
> It was to recall reqprot. I could rename to MMAP_CHECK_REQPROT.
That sounds good.
--
thanks,
Mimib
Powered by blists - more mailing lists