| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 03 Mar 2022 14:13:24 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: KP Singh <kpsingh@...nel.org>
Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>,
Roberto Sassu <roberto.sassu@...wei.com>, shuah@...nel.org,
ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
yhs@...com, revest@...omium.org, gregkh@...uxfoundation.org,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org, bpf@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Florent Revest <revest@...gle.com>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH v3 0/9] bpf-lsm: Extend interoperability with IMA
On Thu, 2022-03-03 at 19:14 +0100, KP Singh wrote:
>
> Even Robert's use case is to implement IMA policies in BPF this is still
> fundamentally different from IMA doing integrity measurement for BPF
> and blocking this patch-set on the latter does not seem rational and
> I don't see how implementing integrity for BPF would avoid your
> concerns.
eBPF modules are an entire class of files currently not being measured,
audited, or appraised. This is an integrity gap that needs to be
closed. The purpose would be to at least measure and verify the
integrity of the eBPF module that is going to be used in lieu of
traditional IMA.
--
thanks,
Mimi
Powered by blists - more mailing lists