diff for duplicates of <87d114ygfj.fsf@xmission.com> diff --git a/a/1.txt b/N1/1.txt index 7cb6fc4..8b22778 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -30,7 +30,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> >> IMA. >> > >> > Using s_iflags instead of fs_flags is fine, but I'm not sure how this ->> > affects the IMA policy. This patch set assumes only unprivileged, +>> > affects the IMA policy. ?This patch set assumes only unprivileged, >> > untrusted filesytems can automatically fail file signature >> > verification (2nd patch), as that hasn't yet been upstreamed and won't >> > break userspace. @@ -69,7 +69,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> sb->s_iflags |= SB_I_NOIMA); > > SB_I_NOIMA would be really confusing, as we're not disabling IMA in -> general, just failing the signature verification. The measurement, +> general, just failing the signature verification. ?The measurement, > even if it is meaningless, is an indication in the measurement list > that the file was accessed/executed. > @@ -86,7 +86,7 @@ I. >> around. > > The last patch (4/4) had 1 line, which set the fs_flags -> unconditionally in fuse_fs_type. Instead, we can set the sb->s_iflags +> unconditionally in fuse_fs_type. ?Instead, we can set the sb->s_iflags > in fuse_fill_supper(), again unconditionally, letting IMA-appraisal > differentiate between privileged and unprivileged. @@ -124,3 +124,7 @@ the trust kernel part of the fs code. As far as I can see that is a proper separation of responsibilities. Eric +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 18595d3..9fb2771 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,17 +5,9 @@ "ref\087a7wayzcl.fsf@xmission.com\0" "ref\01518717140.5667.145.camel@linux.vnet.ibm.com\0" "From\0ebiederm@xmission.com (Eric W. Biederman)\0" - "Subject\0Re: [RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" + "Subject\0[RFC PATCH 2/4] ima: fail signature verification on unprivileged & untrusted filesystems\0" "Date\0Fri, 16 Feb 2018 11:48:00 -0600\0" - "To\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" - "Cc\0linux-integrity@vger.kernel.org" - linux-security-module@vger.kernel.org - linux-fsdevel@vger.kernel.org - Miklos Szeredi <miklos@szeredi.hu> - Seth Forshee <seth.forshee@canonical.com> - Dongsu Park <dongsu@kinvolk.io> - Alban Crequy <alban@kinvolk.io> - " Serge E. Hallyn <serge@hallyn.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "Mimi Zohar <zohar@linux.vnet.ibm.com> writes:\n" @@ -50,7 +42,7 @@ ">> >> IMA.\n" ">> >\n" ">> > Using s_iflags instead of fs_flags is fine, but I'm not sure how this\n" - ">> > affects the IMA policy. This patch set assumes only unprivileged,\n" + ">> > affects the IMA policy. ?This patch set assumes only unprivileged,\n" ">> > untrusted filesytems can automatically fail file signature\n" ">> > verification (2nd patch), as that hasn't yet been upstreamed and won't\n" ">> > break userspace.\n" @@ -89,7 +81,7 @@ ">> \tsb->s_iflags |= SB_I_NOIMA);\n" ">\n" "> SB_I_NOIMA would be really confusing, as we're not disabling IMA in\n" - "> general, just failing the signature verification. The measurement,\n" + "> general, just failing the signature verification. ?The measurement,\n" "> even if it is meaningless, is an indication in the measurement list\n" "> that the file was accessed/executed.\n" ">\n" @@ -106,7 +98,7 @@ ">> around.\n" ">\n" "> The last patch (4/4) had 1 line, which set the fs_flags\n" - "> unconditionally in fuse_fs_type. Instead, we can set the sb->s_iflags \n" + "> unconditionally in fuse_fs_type. ?Instead, we can set the sb->s_iflags \n" "> in fuse_fill_supper(), again unconditionally, letting IMA-appraisal\n" "> differentiate between privileged and unprivileged.\n" "\n" @@ -143,6 +135,10 @@ "the trust kernel part of the fs code. As far as I can see that is a\n" "proper separation of responsibilities.\n" "\n" - Eric + "Eric\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -0838417ef4f5d133d5e5188b7d11c43ec557a80c813b348c7ac139cf54746e53 +71663ba3922d3db7dd3a20c0b36d1bdd6b6de4adb02550ebe341d3ad3176083f
diff --git a/a/1.txt b/N2/1.txt index 7cb6fc4..181ddab 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -30,7 +30,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> >> IMA. >> > >> > Using s_iflags instead of fs_flags is fine, but I'm not sure how this ->> > affects the IMA policy. This patch set assumes only unprivileged, +>> > affects the IMA policy. This patch set assumes only unprivileged, >> > untrusted filesytems can automatically fail file signature >> > verification (2nd patch), as that hasn't yet been upstreamed and won't >> > break userspace. @@ -69,7 +69,7 @@ Mimi Zohar <zohar@linux.vnet.ibm.com> writes: >> sb->s_iflags |= SB_I_NOIMA); > > SB_I_NOIMA would be really confusing, as we're not disabling IMA in -> general, just failing the signature verification. The measurement, +> general, just failing the signature verification. The measurement, > even if it is meaningless, is an indication in the measurement list > that the file was accessed/executed. > @@ -86,7 +86,7 @@ I. >> around. > > The last patch (4/4) had 1 line, which set the fs_flags -> unconditionally in fuse_fs_type. Instead, we can set the sb->s_iflags +> unconditionally in fuse_fs_type. Instead, we can set the sb->s_iflags > in fuse_fill_supper(), again unconditionally, letting IMA-appraisal > differentiate between privileged and unprivileged. diff --git a/a/content_digest b/N2/content_digest index 18595d3..f983a20 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -50,7 +50,7 @@ ">> >> IMA.\n" ">> >\n" ">> > Using s_iflags instead of fs_flags is fine, but I'm not sure how this\n" - ">> > affects the IMA policy. This patch set assumes only unprivileged,\n" + ">> > affects the IMA policy. \302\240This patch set assumes only unprivileged,\n" ">> > untrusted filesytems can automatically fail file signature\n" ">> > verification (2nd patch), as that hasn't yet been upstreamed and won't\n" ">> > break userspace.\n" @@ -89,7 +89,7 @@ ">> \tsb->s_iflags |= SB_I_NOIMA);\n" ">\n" "> SB_I_NOIMA would be really confusing, as we're not disabling IMA in\n" - "> general, just failing the signature verification. The measurement,\n" + "> general, just failing the signature verification. \302\240The measurement,\n" "> even if it is meaningless, is an indication in the measurement list\n" "> that the file was accessed/executed.\n" ">\n" @@ -106,7 +106,7 @@ ">> around.\n" ">\n" "> The last patch (4/4) had 1 line, which set the fs_flags\n" - "> unconditionally in fuse_fs_type. Instead, we can set the sb->s_iflags \n" + "> unconditionally in fuse_fs_type. \302\240Instead, we can set the sb->s_iflags \n" "> in fuse_fill_supper(), again unconditionally, letting IMA-appraisal\n" "> differentiate between privileged and unprivileged.\n" "\n" @@ -145,4 +145,4 @@ "\n" Eric -0838417ef4f5d133d5e5188b7d11c43ec557a80c813b348c7ac139cf54746e53 +8a3979e98731bbef7b6ee2083b271088dccff33e30f767df23a3043fda612b0b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.