From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Mimi Zohar <zohar@us.ibm.com>
Cc: serue@linux.vnet.ibm.com, Christoph Hellwig <hch@infradead.org>,
James Morris <jmorris@namei.org>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Randy Dunlap <randy.dunlap@oracle.com>,
safford@watson.ibm.com, sailer@watson.ibm.com,
Stephen Smalley <sds@tycho.nsa.gov>,
Al Viro <viro@ZenIV.linux.org.uk>,
Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH 3/4] integrity: Linux Integrity Module(LIM)
Date: Mon, 11 Aug 2008 14:56:45 -0500 [thread overview]
Message-ID: <20080811195645.GA16685@us.ibm.com> (raw)
In-Reply-To: <OFAC0E3107.C68382CD-ON852574A2.0068E1AD-852574A2.00692623@us.ibm.com>
Quoting Mimi Zohar (zohar@us.ibm.com):
> serue@linux.vnet.ibm.com wrote on 08/11/2008 01:02:55 PM:
>
> > Quoting Mimi Zohar (zohar@us.ibm.com):
> > > Christoph Hellwig <hch@infradead.org> wrote on 08/09/2008 02:53:40 PM:
> > > > > int vfs_permission(struct nameidata *nd, int mask)
> > > > > {
> > > > > - return inode_permission(nd->path.dentry->d_inode, mask);
> > > > > + int retval;
> > > > > +
> > > > > + retval = inode_permission(nd->path.dentry->d_inode, mask);
> > > > > + if (retval)
> > > > > + return retval;
> > > > > + return integrity_inode_permission(NULL, &nd->path,
> > > > > + mask & (MAY_READ | MAY_WRITE |
> > > > > + MAY_EXEC));
> > > > > }
> > > > >
> > > > > /**
> > > > > @@ -306,7 +314,14 @@ int vfs_permission(struct nameidata *nd,
> > > > > */
> > > > > int file_permission(struct file *file, int mask)
> > > > > {
> > > > > - return inode_permission(file->f_path.dentry->d_inode, mask);
> > > > > + int retval;
> > > > > +
> > > > > + retval = inode_permission(file->f_path.dentry->d_inode, mask);
> > > > > + if (retval)
> > > > > + return retval;
> > > > > + return integrity_inode_permission(file, NULL,
> > > > > + mask & (MAY_READ | MAY_WRITE |
> > > > > + MAY_EXEC));
> > > >
> > > > Please put your hook into inode_permission. Note that in inode
> > > > permission and lots of callers there is no path available so don't
> pass
> > > > it. Please pass the full MAY_FOO mask for new interfaces and do
> > > > filtering that won't break if new ones are introduced.
> > >
> > > We started out with the integrity_inode_permission() hook call in
> > > inode_permission(), but because of the removal of the nameidata
> > > parameter in the last merge, based on discussions
> > > http://marc.info/?l=linux-security-module&m=121797845308246&w=2,
> > > the call to integrity_inode_permission() was moved up to the caller,
> > > where either a file or path are available. Any suggestions?
> >
> > Mimi, can you explain exactly (and concisely) what you are doing with
> > the pathname?
>
> IMA maintains a list of hash values of system sensitive files loaded
> into the run-time of the system and extends a PCR with the hash value.
> In order to calculate this hash value, IMA requires access to either
> the file or the path, which currently is not accessible in
> inode_permission().
So the usual question is, if I've done
ln -s /etc/shadow /tmp/shadow
will IMA do the right thing if I'm opening /tmp/shadow? Or will it only
catch any writes I've done the next time someone (i.e. passwd) opens
/etc/shadow?
thanks,
-serge
next prev parent reply other threads:[~2008-08-11 19:57 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080808184349.999902616@linux.vnet.ibm.com>
2008-08-08 18:55 ` [PATCH 1/4] integrity: TPM internel kernel interface Mimi Zohar
2008-08-09 18:46 ` Christoph Hellwig
2008-08-11 21:13 ` Mimi Zohar
2008-08-12 19:30 ` Christoph Hellwig
2008-08-12 20:57 ` Kenneth Goldman
2008-08-12 21:36 ` Alan Cox
2008-08-13 13:46 ` Kenneth Goldman
2008-08-13 13:40 ` Alan Cox
2008-08-13 14:45 ` Christoph Hellwig
2008-08-13 16:39 ` Kenneth Goldman
2008-08-12 23:16 ` Greg KH
2008-08-13 13:58 ` Kenneth Goldman
2008-08-13 16:56 ` Mimi Zohar
2008-08-14 11:12 ` Pavel Machek
2008-08-15 10:37 ` Peter Dolding
2008-08-15 18:50 ` Kenneth Goldman
2008-08-15 19:22 ` Valdis.Kletnieks
2008-08-15 21:17 ` Alan Cox
2008-08-18 15:01 ` Kenneth Goldman
2008-08-08 18:55 ` [PATCH 2/4] integrity: special fs magic Mimi Zohar
2008-08-08 19:04 ` Greg KH
2008-08-08 19:15 ` Greg KH
2008-08-08 19:50 ` Mimi Zohar
2008-08-08 23:07 ` Greg KH
2008-08-09 18:47 ` Christoph Hellwig
2008-08-10 13:48 ` Mimi Zohar
2008-08-08 19:36 ` Mimi Zohar
2008-08-08 23:15 ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-08-09 18:53 ` Christoph Hellwig
2008-08-10 13:52 ` Mimi Zohar
2008-08-11 17:02 ` Serge E. Hallyn
2008-08-11 19:08 ` Mimi Zohar
2008-08-11 19:56 ` Serge E. Hallyn [this message]
2008-08-12 8:41 ` Peter Dolding
2008-08-12 19:29 ` Christoph Hellwig
2008-08-13 10:44 ` Peter Dolding
2008-08-13 14:11 ` David Howells
2008-08-13 22:57 ` Peter Dolding
2008-08-13 17:03 ` Mimi Zohar
2008-08-12 19:27 ` Christoph Hellwig
2008-08-12 21:19 ` Serge E. Hallyn
2008-08-13 17:03 ` Mimi Zohar
2008-08-12 19:25 ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 4/4] integrity: IMA as an integrity service provider Mimi Zohar
2008-08-08 20:06 ` Randy Dunlap
2008-10-07 18:00 [PATCH 0/4] integrity Mimi Zohar
2008-10-07 18:00 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080811195645.GA16685@us.ibm.com \
--to=serue@us.ibm.com \
--cc=hch@infradead.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=safford@watson.ibm.com \
--cc=sailer@watson.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=serue@linux.vnet.ibm.com \
--cc=viro@ZenIV.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.