diff for duplicates of <1518623386.5667.30.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 7d97b56..b15031f 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,9 +1,9 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: -> Quoting Mimi Zohar (zohar@linux.vnet.ibm.com): +> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com): > > On Wed, 2018-02-14 at 09:16 -0600, Serge E. Hallyn wrote: -> > > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com): +> > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com): > > > > On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote: -> > > > > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com): +> > > > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com): > > > > > > Files on untrusted filesystems, such as fuse, can change at any time, > > > > > > making the measurement(s) and by extension signature verification > > > > > > meaningless. @@ -19,7 +19,7 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: > > > > > messes up when mounted from init userns right? > > > > > > > > Right, whether it is an unprivileged mount or not, fuse can return -> > > > whatever it wants, whenever it wants. IMA can calculate the file hash +> > > > whatever it wants, whenever it wants. ?IMA can calculate the file hash > > > > based based on what it reads, but fuse can return whatever it wants on > > > > subsequent reads. > > > @@ -35,7 +35,7 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: > FS_UNTRUSTED check for privileged FUSE mounts. I'm asking why > that's ok. > -> > > > Refer to the discussion with Linus - http://kernsec.org/pipermail/linu +> > > > Refer to the discussion with Linus -?http://kernsec.org/pipermail/linu > > > > x-security-module-archive/2018-February/005200.html > > > > > > > > > > privileged, untrusted filesystems requires a custom policy. 
@@ -63,3 +63,8 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: Oh! That is based on Linus' "request" not to break userspace. Mimi + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 9baa783..35a8b4d 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -5,26 +5,18 @@ "ref\020180214151637.GA2671@mail.hallyn.com\0" "ref\01518622569.5667.26.camel@linux.vnet.ibm.com\0" "ref\020180214154255.GA3087@mail.hallyn.com\0" - "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Subject\0Re: [RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" + "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" + "Subject\0[RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" "Date\0Wed, 14 Feb 2018 10:49:46 -0500\0" - "To\0Serge E. Hallyn <serge@hallyn.com>\0" - "Cc\0linux-integrity@vger.kernel.org" - linux-security-module@vger.kernel.org - linux-fsdevel@vger.kernel.org - Miklos Szeredi <miklos@szeredi.hu> - Seth Forshee <seth.forshee@canonical.com> - Eric W . Biederman <ebiederm@xmission.com> - Dongsu Park <dongsu@kinvolk.io> - " Alban Crequy <alban@kinvolk.io>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote:\n" - "> Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):\n" + "> Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):\n" "> > On Wed, 2018-02-14 at 09:16 -0600, Serge E. Hallyn wrote:\n" - "> > > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):\n" + "> > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):\n" "> > > > On Wed, 2018-02-14 at 08:49 -0600, Serge E. Hallyn wrote:\n" - "> > > > > Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):\n" + "> > > > > Quoting Mimi Zohar (zohar at linux.vnet.ibm.com):\n" "> > > > > > Files on untrusted filesystems, such as fuse, can change at any time,\n" "> > > > > > making the measurement(s) and by extension signature verification\n" "> > > > > > meaningless.\n" 
@@ -40,7 +32,7 @@ "> > > > > messes up when mounted from init userns right?\n" "> > > > \n" "> > > > Right, whether it is an unprivileged mount or not, fuse can return\n" - "> > > > whatever it wants, whenever it wants. IMA can calculate the file hash\n" + "> > > > whatever it wants, whenever it wants. ?IMA can calculate the file hash\n" "> > > > based based on what it reads, but fuse can return whatever it wants on\n" "> > > > subsequent reads.\n" "> > > \n" @@ -56,7 +48,7 @@ "> FS_UNTRUSTED check for privileged FUSE mounts. I'm asking why\n" "> that's ok.\n" "> \n" - "> > > > Refer to the discussion with Linus - http://kernsec.org/pipermail/linu\n" + "> > > > Refer to the discussion with Linus -?http://kernsec.org/pipermail/linu\n" "> > > > x-security-module-archive/2018-February/005200.html\n" "> > > > \n" "> > > > > > privileged, untrusted filesystems requires a custom policy.\n" @@ -83,6 +75,11 @@ "\n" "Oh! That is based on Linus' \"request\" not to break userspace.\n" "\n" - Mimi + "Mimi\n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -579e476cb75710b662023ad2431ea156977b916992d43b5417e86e139d292912 +98b65316efb9a0186385cd84c3928fce416b09949e711bc68d55b9248e796d59
diff --git a/a/1.txt b/N2/1.txt index 7d97b56..e2221cd 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -19,7 +19,7 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: > > > > > messes up when mounted from init userns right? > > > > > > > > Right, whether it is an unprivileged mount or not, fuse can return -> > > > whatever it wants, whenever it wants. IMA can calculate the file hash +> > > > whatever it wants, whenever it wants. IMA can calculate the file hash > > > > based based on what it reads, but fuse can return whatever it wants on > > > > subsequent reads. > > > @@ -35,7 +35,7 @@ On Wed, 2018-02-14 at 09:42 -0600, Serge E. Hallyn wrote: > FS_UNTRUSTED check for privileged FUSE mounts. I'm asking why > that's ok. > -> > > > Refer to the discussion with Linus - http://kernsec.org/pipermail/linu +> > > > Refer to the discussion with Linus - http://kernsec.org/pipermail/linu > > > > x-security-module-archive/2018-February/005200.html > > > > > > > > > > privileged, untrusted filesystems requires a custom policy. diff --git a/a/content_digest b/N2/content_digest index 9baa783..14b2413 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -40,7 +40,7 @@ "> > > > > messes up when mounted from init userns right?\n" "> > > > \n" "> > > > Right, whether it is an unprivileged mount or not, fuse can return\n" - "> > > > whatever it wants, whenever it wants. IMA can calculate the file hash\n" + "> > > > whatever it wants, whenever it wants. \302\240IMA can calculate the file hash\n" "> > > > based based on what it reads, but fuse can return whatever it wants on\n" "> > > > subsequent reads.\n" "> > > \n" 
@@ -56,7 +56,7 @@ "> FS_UNTRUSTED check for privileged FUSE mounts. I'm asking why\n" "> that's ok.\n" "> \n" - "> > > > Refer to the discussion with Linus - http://kernsec.org/pipermail/linu\n" + "> > > > Refer to the discussion with Linus -\302\240http://kernsec.org/pipermail/linu\n" "> > > > x-security-module-archive/2018-February/005200.html\n" "> > > > \n" "> > > > > > privileged, untrusted filesystems requires a custom policy.\n" @@ -85,4 +85,4 @@ "\n" Mimi -579e476cb75710b662023ad2431ea156977b916992d43b5417e86e139d292912 +af7f3224f75c0be4e40f9209e129f454d8312301572ccd1f8f1e828b3bec3dad
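Review bot: in the N1/content_digest hunk the Cc list is removed, the subject loses its "Re:" prefix and the From header becomes "zohar@linux.vnet.ibm.com (Mimi Zohar)", while the N1/1.txt hunks rewrite addresses to "zohar at linux.vnet.ibm.com" and append a majordomo footer. These are header and transport differences rather than changes to the discussion itself, so for threading or quoting prefer the a/ copy, which keeps the full recipient list.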
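Review bot: the only body difference in the N2 hunks is the character before "IMA" and before the kernsec.org URL, which N2/content_digest shows as \302\240 (a UTF-8 non-breaking space) and which appears as "?" at the same two positions in N1. Normalizing that character before comparing bodies would make the N2 and a/ bodies identical, since no wording differs between them.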