| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <488442598c3703760ed6182426ed891f85fe0a1a.camel@linux.ibm.com>
Date: Wed, 25 Oct 2023 14:01:15 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Eric Snowberg <eric.snowberg@...cle.com>
Cc: "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
Raul Rangel <rrangel@...omium.org>,
Amir Goldstein <amir73il@...il.com>
Subject: Re: [PATCH v3] ima: detect changes to the backing overlay file
On Wed, 2023-10-25 at 16:27 +0000, Eric Snowberg wrote:
>
> > On Oct 25, 2023, at 8:39 AM, Mimi Zohar <zohar@...ux.ibm.com> wrote:
> >
> > Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for
> > IMA") forced signature re-evaulation on every file access.
> >
> > Instead of always re-evaluating the file's integrity, detect a change
> > to the backing file, by comparing the cached file metadata with the
> > backing file's metadata. Verifying just the i_version has not changed
> > is insufficient. In addition save and compare the i_ino and s_dev
> > as well.
> >
> > Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
>
> I ran the file integrity tests that originally uncovered the need for
> "Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for
> IMA”). When the backing file is changed, file integrity remains. For that
> part, feel free to add:
>
> Tested-by: Eric Snowberg <eric.snowberg@...cle.com>
Thanks!
Mimi
Powered by blists - more mailing lists