diff for duplicates of <1502370765.3367.69.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 1883758..5191c6e 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -28,7 +28,7 @@ On Wed, 2017-08-09 at 19:18 +0200, Roberto Sassu wrote: > >>>> > >>>> If the concern is security, it would be possible to prevent unsigned > >>>> RPM headers from being parsed, if the PGP key type is upstreamed -> >>>> (adding in CC keyrings@vger.kernel.org). +> >>>> (adding in CC keyrings at vger.kernel.org). > >>> > >>> It's a security concern and also a layering violation, there should be no > >>> need to parse package file formats in the kernel. @@ -75,16 +75,16 @@ On Wed, 2017-08-09 at 19:18 +0200, Roberto Sassu wrote: Your proposal is basically a pre-approved "batched" measurement, of a set of known good measurements, without the corresponding list of -measurements that this "batched" measurement represents. Right? +measurements that this "batched" measurement represents. ?Right? This pre-approved "batched" measurement represents not what has been accessed/executed on the system, but what potentially could be -accessed/executed. That's a major difference. +accessed/executed. ?That's a major difference. > If you prefer, I could add a new policy rule option to avoid file > measurements if the digest is in the digest list. -Huh? Patch "ima: don't report measurements if digests are included in +Huh? ?Patch "ima: don't report measurements if digests are included in the loaded lists" is already doing this. > @@ -98,7 +98,7 @@ the loaded lists" is already doing this. > the optimization done by this patch set useless. True, so you would be able to configure the system with one or the -other type of list, not both. At least there would be a clear +other type of list, not both. ?At least there would be a clear understanding of what that list represents. 
> @@ -109,9 +109,9 @@ understanding of what that list represents. > for 1000 extends), the boot time delay would be still noticeable > (8.5 seconds for normal boot + 24 seconds for 1400 PCR extends). -Agreed, there is still room for more TPM improvements. Just Nayna's +Agreed, there is still room for more TPM improvements. ?Just Nayna's one patch, without any other changes, brought the timing down from 53s -for a 1000 extends to just 11s. (The initial patch was Nack'ed, but +for a 1000 extends to just 11s. ?(The initial patch was Nack'ed, but we're working with the tpmdd and the TCG's device driver work group (DDWG).) @@ -120,7 +120,7 @@ we're working with the tpmdd and the TCG's device driver work group > verification of digest list signatures, instead of file signatures, > where signatures are already provided by Linux distributions. -Right, there's always a trade off. My suggestion, assuming we go with +Right, there's always a trade off. ?My suggestion, assuming we go with this approach, would be to make that trade off clear by using different lists. @@ -145,7 +145,7 @@ used to extend the TPM, before returning to the caller. A performance improvement would still first add the measurement to the measurement list, but would then queue and wait for the measurement to -extend the TPM, before returning to the caller. In a multi threaded +extend the TPM, before returning to the caller. ?In a multi threaded environment, the queued measurements could be "batched" - a hash of a set of hashes - to extend the TPM. @@ -154,7 +154,7 @@ to complete an existing current "batched" extend and another new "batched" extend. The difficulty with this approach is identifying which measurements -are included in which "batched" measurement. This approach provides +are included in which "batched" measurement. ?This approach provides the same guarantees as previously. Before making the TPM performance problem an IMA issue and "fixing" it 
@@ -167,3 +167,9 @@ Mimi > files are accessed. No actions happen before either the digest lists > have been measured or the file measurement is added to the measurement > list, if the file digest is not included in the digest list. + + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index b5353f5..586ea7c 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,19 +6,10 @@ "ref\00506050f-c4f1-1b36-a25b-c5418607906d@huawei.com\0" "ref\01502289048.19092.62.camel@linux.vnet.ibm.com\0" "ref\0fffaf219-a633-478a-ec0e-2869419fe3b0@huawei.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type\0" - "Date\0Thu, 10 Aug 2017 13:12:45 +0000\0" - "To\0Roberto Sassu <roberto.sassu@huawei.com>" - " James Morris <jmorris@namei.org>\0" - "Cc\0Christoph Hellwig <hch@infradead.org>" - linux-doc@vger.kernel.org - linux-kernel@vger.kernel.org - linux-fsdevel@vger.kernel.org - linux-security-module@vger.kernel.org - keyrings@vger.kernel.org - linux-ima-devel@lists.sourceforge.net - " Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type\0" + "Date\0Thu, 10 Aug 2017 09:12:45 -0400\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2017-08-09 at 19:18 +0200, Roberto Sassu wrote:\n" 
@@ -51,7 +42,7 @@ "> >>>>\n" "> >>>> If the concern is security, it would be possible to prevent unsigned\n" "> >>>> RPM headers from being parsed, if the PGP key type is upstreamed\n" - "> >>>> (adding in CC keyrings@vger.kernel.org).\n" + "> >>>> (adding in CC keyrings at vger.kernel.org).\n" "> >>>\n" "> >>> It's a security concern and also a layering violation, there should be no\n" "> >>> need to parse package file formats in the kernel.\n" @@ -98,16 +89,16 @@ "\n" "Your proposal is basically a pre-approved \"batched\" measurement, of a\n" "set of known good measurements, without the corresponding list of\n" - "measurements that this \"batched\" measurement represents. \302\240Right?\n" + "measurements that this \"batched\" measurement represents. ?Right?\n" "\n" "This pre-approved \"batched\" measurement represents not what has been\n" "accessed/executed on the system, but what potentially could be\n" - "accessed/executed. \302\240That's a major difference.\n" + "accessed/executed. ?That's a major difference.\n" "\n" "> If you prefer, I could add a new policy rule option to avoid file\n" "> measurements if the digest is in the digest list.\n" "\n" - "Huh? \302\240Patch \"ima: don't report measurements if digests are included in\n" + "Huh? ?Patch \"ima: don't report measurements if digests are included in\n" "the loaded lists\" is already doing this.\n" "\n" "> \n" @@ -121,7 +112,7 @@ "> the optimization done by this patch set useless.\n" "\n" "True, so you would be able to configure the system with one or the\n" - "other type of list, not both. \302\240At least there would be a clear\n" + "other type of list, not both. ?At least there would be a clear\n" "understanding of what that list represents.\n" "\n" "> \n" 
@@ -132,9 +123,9 @@ "> for 1000 extends), the boot time delay would be still noticeable\n" "> (8.5 seconds for normal boot + 24 seconds for 1400 PCR extends).\n" "\n" - "Agreed, there is still room for more TPM improvements. \302\240Just Nayna's\n" + "Agreed, there is still room for more TPM improvements. ?Just Nayna's\n" "one patch, without any other changes, brought the timing down from 53s\n" - "for a 1000 extends to just 11s. \302\240(The initial patch was Nack'ed, but\n" + "for a 1000 extends to just 11s. ?(The initial patch was Nack'ed, but\n" "we're working with the tpmdd and the TCG's device driver work group\n" "(DDWG).)\n" "\n" @@ -143,7 +134,7 @@ "> verification of digest list signatures, instead of file signatures,\n" "> where signatures are already provided by Linux distributions.\n" "\n" - "Right, there's always a trade off. \302\240My suggestion, assuming we go with\n" + "Right, there's always a trade off. ?My suggestion, assuming we go with\n" "this approach, would be to make that trade off clear by using\n" "different lists.\n" "\n" @@ -168,7 +159,7 @@ "\n" "A performance improvement would still first add the measurement to the\n" "measurement list, but would then queue and wait for the measurement to\n" - "extend the TPM, before returning to the caller. \302\240In a multi threaded\n" + "extend the TPM, before returning to the caller. ?In a multi threaded\n" "environment, the queued measurements could be \"batched\" - a hash of a\n" "set of hashes - to extend the TPM.\n" "\n" @@ -177,7 +168,7 @@ "\"batched\" extend.\n" "\n" "The difficulty with this approach is identifying which measurements\n" - "are included in which \"batched\" measurement. \302\240This approach provides\n" + "are included in which \"batched\" measurement. ?This approach provides\n" "the same guarantees as previously.\n" "\n" "Before making the TPM performance problem an IMA issue and \"fixing\" it\n" 
@@ -189,6 +180,12 @@ "> This patch set extends the PCR with the digest of digest lists, before\n" "> files are accessed. No actions happen before either the digest lists\n" "> have been measured or the file measurement is added to the measurement\n" - > list, if the file digest is not included in the digest list. + "> list, if the file digest is not included in the digest list.\n" + "\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -751cc3c803b09a8a05a5aef6f4f1b24d97bb6feaf712eb288dfbaf872103f476 +c9f133815edd2a539f70449c9b1d5b1d950e07be879b2174f62699ce267eedbd
diff --git a/a/content_digest b/N2/content_digest index b5353f5..e167f38 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -8,7 +8,7 @@ "ref\0fffaf219-a633-478a-ec0e-2869419fe3b0@huawei.com\0" "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" "Subject\0Re: [Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type\0" - "Date\0Thu, 10 Aug 2017 13:12:45 +0000\0" + "Date\0Thu, 10 Aug 2017 09:12:45 -0400\0" "To\0Roberto Sassu <roberto.sassu@huawei.com>" " James Morris <jmorris@namei.org>\0" "Cc\0Christoph Hellwig <hch@infradead.org>" @@ -191,4 +191,4 @@ "> have been measured or the file measurement is added to the measurement\n" > list, if the file digest is not included in the digest list. -751cc3c803b09a8a05a5aef6f4f1b24d97bb6feaf712eb288dfbaf872103f476 +e202d66f53e29b3ad3e1095ba2c5bbe7208b13cc484a1993e4a78f6421dd1148
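Review bot: In the a/1.txt to N1/1.txt hunks, and again in the matching a/content_digest to N1/content_digest hunks, every "\302\240" non-breaking space in the body is replaced by a literal "?" and "keyrings@vger.kernel.org" becomes "keyrings at vger.kernel.org", so N1 is a lossy copy of the body rather than a byte-identical duplicate. The N1 header hunk at -6,19 also replaces the To/Cc recipients with a single To of linux-security-module@vger.kernel.org, drops "Re:" from the Subject and rewrites From as "zohar@linux.vnet.ibm.com (Mimi Zohar)", and the final hunk appends the list unsubscribe footer. When quoting this message or checking what the sender wrote, use the a/ copy and treat the N1 text as altered in transit.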
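Review bot: In the a/content_digest to N2/content_digest hunk at -8,7 the only changed line is Date, "13:12:45 +0000" versus "09:12:45 -0400", which are the same instant written with different UTC offsets, and the hunk at -191,4 changes nothing but the trailing digest. The two copies are therefore kept apart only by the raw Date string; comparing the parsed timestamp instead of the header text would collapse them into one message.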