diff for duplicates of <1511194519.5979.48.camel@intel.com> diff --git a/a/1.txt b/N1/1.txt index 6760358..b338b11 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -9,7 +9,7 @@ On Mon, 2017-11-20 at 09:59 -0500, Mimi Zohar wrote: > > file that passes appraisal after a reboot. > > The assumption is that most files in the TCB are not changing and are -> signed. Custom policies should require file signatures for these +> signed. ?Custom policies should require file signatures for these > files. > > Assuming that the private keys that are used to sign these files, as @@ -17,7 +17,7 @@ On Mon, 2017-11-20 at 09:59 -0500, Mimi Zohar wrote: > keyring, are stored off line, new files can not be signed. > > The number of mutable files in the TCB should be very limited, -> probably < 20 files. Their usage can be constrained by MAC. +> probably < 20 files. ?Their usage can be constrained by MAC. I'm not sure what exactly "constrained by MAC" implies, but I suspect that these mutable files will be as important for the integrity of the @@ -26,9 +26,9 @@ again here>). Compromised is compromised, an installation cannot be "half compromised". So once the policy allows mutable files, a run-time exploit that bypasses the MAC can compromise the TCB permanently. -> That said, IMA/IMA-appraisal is work in progress. There are still -> measurement/appraisal gaps that need to be closed. One such example -> are files read by interpreters and interpreted files. There have +> That said, IMA/IMA-appraisal is work in progress. ?There are still +> measurement/appraisal gaps that need to be closed. ?One such example +> are files read by interpreters and interpreted files. ?There have > been some initial proposals in this area. That's what brings us back to my initial question: are the current set 
@@ -44,3 +44,9 @@ The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. + + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 1ce8eaa..9bc78f8 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -11,16 +11,10 @@ "ref\0alpine.LFD.2.20.1711200746120.25470@localhost\0" "ref\01511173252.5979.45.camel@intel.com\0" "ref\01511189976.4729.110.camel@linux.vnet.ibm.com\0" - "From\0Patrick Ohly <patrick.ohly@intel.com>\0" - "Subject\0Re: IMA appraisal master plan?\0" + "From\0patrick.ohly@intel.com (Patrick Ohly)\0" + "Subject\0IMA appraisal master plan?\0" "Date\0Mon, 20 Nov 2017 17:15:19 +0100\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>" - James Morris <james.l.morris@oracle.com> - " Roberto Sassu <roberto.sassu@huawei.com>\0" - "Cc\0Matthew Garrett <mjg59@google.com>" - linux-integrity <linux-integrity@vger.kernel.org> - linux-security-module <linux-security-module@vger.kernel.org> - " Silviu Vlasceanu <silviu.vlasceanu@huawei.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2017-11-20 at 09:59 -0500, Mimi Zohar wrote:\n" @@ -34,7 +28,7 @@ "> > file that passes appraisal after a reboot.\n" "> \n" "> The assumption is that most files in the TCB are not changing and are\n" - "> signed. Custom policies should require file signatures for these\n" + "> signed. ?Custom policies should require file signatures for these\n" "> files.\n" "> \n" "> Assuming that the private keys that are used to sign these files, as\n" 
@@ -42,7 +36,7 @@ "> keyring, are stored off line, new files can not be signed.\n" "> \n" "> The number of mutable files in the TCB should be very limited,\n" - "> probably < 20 files. Their usage can be constrained by MAC.\n" + "> probably < 20 files. ?Their usage can be constrained by MAC.\n" "\n" "I'm not sure what exactly \"constrained by MAC\" implies, but I suspect\n" "that these mutable files will be as important for the integrity of the\n" @@ -51,9 +45,9 @@ "\"half compromised\". So once the policy allows mutable files, a run-time \n" "exploit that bypasses the MAC can compromise the TCB permanently.\n" "\n" - "> That said, IMA/IMA-appraisal is work in progress. There are still\n" - "> measurement/appraisal gaps that need to be closed. One such example\n" - "> are files read by interpreters and interpreted files. There have\n" + "> That said, IMA/IMA-appraisal is work in progress. ?There are still\n" + "> measurement/appraisal gaps that need to be closed. ?One such example\n" + "> are files read by interpreters and interpreted files. ?There have\n" "> been some initial proposals in this area.\n" "\n" "That's what brings us back to my initial question: are the current set\n" @@ -68,6 +62,12 @@ "The content of this message is my personal opinion only and although\n" "I am an employee of Intel, the statements I make here in no way\n" "represent Intel's position on the issue, nor am I authorized to speak\n" - on behalf of Intel on this matter. + "on behalf of Intel on this matter.\n" + "\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -c2c2ccbf0ab75ffd4c57c294f4e2785ee1ee542b586f1f725eb786b90a3d42e8 +1c7180ec41b5fbda43f02a350e851421a06e63ab80bea6bdac2a3ae02002d44b
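Review bot: In the a/1.txt to N1/1.txt hunks at -9,7, -17,7 and -26,9, the only change on each touched quoted line is a "?" inserted after a sentence-ending period ("signed. ?Custom", "files. ?Their", "progress. ?There"), which reads as a character lost in re-encoding rather than an edit to the message. Treat the a/ copy as the canonical body and normalize the stray "?" before quoting or indexing the N1 copy.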
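Review bot: The content_digest hunk at -11,16 removes every individual To and Cc recipient, leaving only "To\0linux-security-module@vger.kernel.org\0", and drops "Re:" from the Subject, so the N1 copy cannot be used to reconstruct who was addressed and subject-based reply grouping will misfile it. Take the recipients from the a/ copy and thread on the unchanged "ref" entries shown as context above the hunk, not on the Subject line.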
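Review bot: The closing hunks (1.txt at -44,3 and content_digest at -68,6) append the list's unsubscribe footer to the body, and the last -/+ pair shows the digest changing as a result, so the two copies of this Message-ID are not byte-identical and a body-hash comparison will treat them as different messages. Deduplicate on the Message-ID, and strip everything from the "--" line onward before comparing bodies.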