lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 4 May 2024 15:04:22 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: Fan Wu <wufan@...ux.microsoft.com>, corbet@....net, zohar@...ux.ibm.com,
	jmorris@...ei.org, serge@...lyn.com, tytso@....edu,
	ebiggers@...nel.org, axboe@...nel.dk, agk@...hat.com,
	snitzer@...nel.org, eparis@...hat.com, paul@...l-moore.com
Cc: linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org,
	linux-security-module@...r.kernel.org, fsverity@...ts.linux.dev,
	linux-block@...r.kernel.org, dm-devel@...ts.linux.dev,
	audit@...r.kernel.org, linux-kernel@...r.kernel.org,
	Deven Bowers <deven.desai@...ux.microsoft.com>
Subject: Re: [PATCH v18 20/21] Documentation: add ipe documentation

On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote:
> +IPE does not mitigate threats arising from malicious but authorized
> +developers (with access to a signing certificate), or compromised
> +developer tools used by them (i.e. return-oriented programming attacks).
> +Additionally, IPE draws hard security boundary between userspace and
> +kernelspace. As a result, IPE does not provide any protections against a
> +kernel level exploit, and a kernel-level exploit can disable or tamper
> +with IPE's protections.

So how to mitigate kernel-level exploits then?

> +Allow only initramfs
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> <snipped>...
> +Allow any signed and validated dm-verity volume and the initramfs
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> <snipped>...

htmldocs build reports new warnings:

Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.

Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/admin-guide/LSM/ipe.rst:694: WARNING: Title underline too short.

Allow any signed and validated dm-verity volume and the initramfs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Documentation/arch/x86/resctrl.rst:577: WARNING: Title underline too short.

I have to match these sections underline length:

---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index 1a3bf1d8aa23f0..a47e14e024a90d 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -681,7 +681,7 @@ Allow all
    DEFAULT action=ALLOW
 
 Allow only initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~
 
 ::
 
@@ -691,7 +691,7 @@ Allow only initramfs
    op=EXECUTE boot_verified=TRUE action=ALLOW
 
 Allow any signed and validated dm-verity volume and the initramfs
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 ::
 
@@ -725,7 +725,7 @@ Allow only a specific dm-verity volume
    op=EXECUTE dmverity_roothash=sha256:401fcec5944823ae12f62726e8184407a5fa9599783f030dec146938 action=ALLOW
 
 Allow any fs-verity file with a valid built-in signature
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 ::
 
@@ -735,7 +735,7 @@ Allow any fs-verity file with a valid built-in signature
    op=EXECUTE fsverity_signature=TRUE action=ALLOW
 
 Allow execution of a specific fs-verity file
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 ::
 

> +Additional Information
> +----------------------
> +
> +- `Github Repository <https://github.com/microsoft/ipe>`_
> +- Documentation/security/ipe.rst

Link title to both this admin-side and developer docs can be added for
disambiguation (to avoid confusion on readers):

---- >8 ----
diff --git a/Documentation/admin-guide/LSM/ipe.rst b/Documentation/admin-guide/LSM/ipe.rst
index a47e14e024a90d..25b17e11559149 100644
--- a/Documentation/admin-guide/LSM/ipe.rst
+++ b/Documentation/admin-guide/LSM/ipe.rst
@@ -7,7 +7,8 @@ Integrity Policy Enforcement (IPE)
 
    This is the documentation for admins, system builders, or individuals
    attempting to use IPE. If you're looking for more developer-focused
-   documentation about IPE please see Documentation/security/ipe.rst
+   documentation about IPE please see :doc:`the design docs
+   </security/ipe>`.
 
 Overview
 --------
@@ -748,7 +749,7 @@ Additional Information
 ----------------------
 
 - `Github Repository <https://github.com/microsoft/ipe>`_
-- Documentation/security/ipe.rst
+- :doc:`Developer and design docs for IPE </security/ipe>`
 
 FAQ
 ---
diff --git a/Documentation/security/ipe.rst b/Documentation/security/ipe.rst
index 07e3632241285d..fd1b1a852d2165 100644
--- a/Documentation/security/ipe.rst
+++ b/Documentation/security/ipe.rst
@@ -7,7 +7,7 @@ Integrity Policy Enforcement (IPE) - Kernel Documentation
 
    This is documentation targeted at developers, instead of administrators.
    If you're looking for documentation on the usage of IPE, please see
-   Documentation/admin-guide/LSM/ipe.rst
+   `IPE admin guide </admin-guide/LSM/ipe.rst>`_.
 
 Historical Motivation
 ---------------------

Thanks.

-- 
An old man doll... just what I always wanted! - Clara

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ