lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Mar 2023 21:33:19 -0500 From: Paul Moore <paul@...l-moore.com> To: Fan Wu <wufan@...ux.microsoft.com> Cc: Roberto Sassu <roberto.sassu@...weicloud.com>, corbet@....net, zohar@...ux.ibm.com, jmorris@...ei.org, serge@...lyn.com, tytso@....edu, ebiggers@...nel.org, axboe@...nel.dk, agk@...hat.com, snitzer@...nel.org, eparis@...hat.com, linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fscrypt@...r.kernel.org, linux-block@...r.kernel.org, dm-devel@...hat.com, linux-audit@...hat.com, roberto.sassu@...wei.com, linux-kernel@...r.kernel.org, Deven Bowers <deven.desai@...ux.microsoft.com> Subject: Re: [RFC PATCH v9 03/16] ipe: add evaluation loop and introduce 'boot_verified' as a trust provider On Fri, Feb 10, 2023 at 6:21 PM Fan Wu <wufan@...ux.microsoft.com> wrote: > On Tue, Jan 31, 2023 at 04:49:44PM +0100, Roberto Sassu wrote: > > On Mon, 2023-01-30 at 14:57 -0800, Fan Wu wrote: > > > From: Deven Bowers <deven.desai@...ux.microsoft.com> > > > > > > IPE must have a centralized function to evaluate incoming callers > > > against IPE's policy. This iteration of the policy against the rules > > > for that specific caller is known as the evaluation loop. > > > > Not sure if you check the properties at every access. > > > > >From my previous comments (also for previous versions of the patches) > > you could evaluate the property once, by calling the respective > > functions in the other subsystems. > > > > Then, you reserve space in the security blob for inodes and superblocks > > to cache the decision. The format could be a policy sequence number, to > > ensure that the cache is valid only for the current policy, and a bit > > for every hook you enforce. > > Thanks for raising this idea. I agree that if the property evaluation > leads to a performance issue, it will be better to cache the evaluation > result. But for this version, all the property evaluations are simple, > so it is just as fast as accessing a cache. Also, for the initial > version we prefer to keep the patch as minimal as possible. FWIW, I think that is the right decision. Keeping the initial submission relatively small and focused has a lot of advantages when it comes both to review and prematurely optimizing things that might not need optimization. -- paul-moore.com
Powered by blists - more mailing lists