lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <45ca26a5b08f42fb1318cd78a62dda20b9adb84e.camel@linux.ibm.com>
Date: Wed, 17 Dec 2025 10:26:22 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Roberto Sassu <roberto.sassu@...weicloud.com>, corbet@....net,
        dmitry.kasatkin@...il.com, eric.snowberg@...cle.com,
        paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com
Cc: linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-integrity@...r.kernel.org, linux-security-module@...r.kernel.org,
        gregorylumen@...ux.microsoft.com, chenste@...ux.microsoft.com,
        nramas@...ux.microsoft.com, Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [RFC][PATCH v2] ima: Add support for staging measurements for
 deletion and trimming

Hi Roberto,

Thank you!  Everything is working as designed.

- Only public functions require kernel-doc comments, but other functions would
benefit having a comment.

- As I mentioned in response to Steven's patch, "After trimming the measurement
list, existing verifiers, which walk the IMA measurement list, will obviously
fail to match the PCRs.  Breaking existing userspace applications is a problem
and, unfortunately, requires yet another Kconfig option.  It needs to be at
least mentioned here in the patch description."

On Fri, 2025-12-12 at 18:19 +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
> 
> Introduce the ability of staging the entire (or a portion of the) IMA
> measurement list for deletion. Staging means moving the current content of
> the measurement list to a separate location, and allowing users to read and
> delete it. This causes the measurement list to be atomically truncated
> before new measurements can be added. 

This last sentence is the crux of your of your proposal.
 -> "quickly be atomically ... so ..."

I must be missing something.  With the ability of trimming N records, it's
unclear to me the benefit of staging the measurement list and requiring a
separate deletion. The measurement list can be read before trimming without
loosing any measurements.  Like now, the entire measurement list could be moved
to a staging area. Instead of freeing all of the records, only N records would
be freed.  Afterwards the remaining staged measurements (N+1) could be restored
to the head of the measurement list.

-- 
thanks,

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ