diff for duplicates of <1518620899.5667.10.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 764510c..8ad3e6d 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,5 +1,5 @@ On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote: -> Quoting Mimi Zohar (zohar@linux.vnet.ibm.com): +> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com): > > Files on untrusted filesystems, such as fuse, can change at any time, > > making the measurement(s) and by extension signature verification > > meaningless. @@ -15,11 +15,11 @@ On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote: > messes up when mounted from init userns right? Right, whether it is an unprivileged mount or not, fuse can return -whatever it wants, whenever it wants. IMA can calculate the file hash +whatever it wants, whenever it wants. ?IMA can calculate the file hash based based on what it reads, but fuse can return whatever it wants on subsequent reads. -Refer to the discussion with Linus - http://kernsec.org/pipermail/linu +Refer to the discussion with Linus -?http://kernsec.org/pipermail/linu x-security-module-archive/2018-February/005200.html > > privileged, untrusted filesystems requires a custom policy. @@ -100,4 +100,9 @@ Mimi > > } > > -- > > 2.7.5 -> +> + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index b8b5ffe..24f0f9a 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,22 +1,14 @@ "ref\01518615315-7162-1-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\01518615315-7162-2-git-send-email-zohar@linux.vnet.ibm.com\0" "ref\020180214144903.GA1953@mail.hallyn.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" "Date\0Wed, 14 Feb 2018 10:08:19 -0500\0" - "To\0Serge E. Hallyn <serge@hallyn.com>\0" - "Cc\0linux-integrity@vger.kernel.org" - linux-security-module@vger.kernel.org - linux-fsdevel@vger.kernel.org - Miklos Szeredi <miklos@szeredi.hu> - Seth Forshee <seth.forshee@canonical.com> - Eric W . Biederman <ebiederm@xmission.com> - Dongsu Park <dongsu@kinvolk.io> - " Alban Crequy <alban@kinvolk.io>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote:\n" - "> Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):\n" + "> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):\n" "> > Files on untrusted filesystems, such as fuse, can change at any time,\n" "> > making the measurement(s) and by extension signature verification\n" "> > meaningless.\n" @@ -32,11 +24,11 @@ "> messes up when mounted from init userns right?\n" "\n" "Right, whether it is an unprivileged mount or not, fuse can return\n" - "whatever it wants, whenever it wants. IMA can calculate the file hash\n" + "whatever it wants, whenever it wants. ?IMA can calculate the file hash\n" "based based on what it reads, but fuse can return whatever it wants on\n" "subsequent reads.\n" "\n" - "Refer to the discussion with Linus - http://kernsec.org/pipermail/linu\n" + "Refer to the discussion with Linus -?http://kernsec.org/pipermail/linu\n" "x-security-module-archive/2018-February/005200.html\n" "\n" "> > privileged, untrusted filesystems requires a custom policy.\n" @@ -117,6 +109,11 @@ "> > }\n" "> > -- \n" "> > 2.7.5\n" - > + "> \n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -587b5fa4a157fbd93b6f20459d74cb509df16f995cc316965e3c4bd7e8fd255a +dd06bc19ec65eec32dcd65440398ca9efda23bffc26010cacf0d7a3f21bee27a
diff --git a/a/1.txt b/N2/1.txt index 764510c..3da1d79 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -15,11 +15,11 @@ On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote: > messes up when mounted from init userns right? Right, whether it is an unprivileged mount or not, fuse can return -whatever it wants, whenever it wants. IMA can calculate the file hash +whatever it wants, whenever it wants. IMA can calculate the file hash based based on what it reads, but fuse can return whatever it wants on subsequent reads. -Refer to the discussion with Linus - http://kernsec.org/pipermail/linu +Refer to the discussion with Linus - http://kernsec.org/pipermail/linu x-security-module-archive/2018-February/005200.html > > privileged, untrusted filesystems requires a custom policy. diff --git a/a/content_digest b/N2/content_digest index b8b5ffe..654a363 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -32,11 +32,11 @@ "> messes up when mounted from init userns right?\n" "\n" "Right, whether it is an unprivileged mount or not, fuse can return\n" - "whatever it wants, whenever it wants. IMA can calculate the file hash\n" + "whatever it wants, whenever it wants. \302\240IMA can calculate the file hash\n" "based based on what it reads, but fuse can return whatever it wants on\n" "subsequent reads.\n" "\n" - "Refer to the discussion with Linus - http://kernsec.org/pipermail/linu\n" + "Refer to the discussion with Linus -\302\240http://kernsec.org/pipermail/linu\n" "x-security-module-archive/2018-February/005200.html\n" "\n" "> > privileged, untrusted filesystems requires a custom policy.\n" @@ -119,4 +119,4 @@ "> > 2.7.5\n" > -587b5fa4a157fbd93b6f20459d74cb509df16f995cc316965e3c4bd7e8fd255a +1fa0afad5408672d05901927a423827dfc9095fddc5a86509f803f94bd9c8c1e
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.