From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from youngberry.canonical.com ([91.189.89.112]:50336 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752470AbdLKNdC (ORCPT ); Mon, 11 Dec 2017 08:33:02 -0500
Received: from mail-it0-f71.google.com ([209.85.214.71]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1eOOA3-0001di-3J for linux-integrity@vger.kernel.org; Mon, 11 Dec 2017 13:30:23 +0000
Received: by mail-it0-f71.google.com with SMTP id g202so13806578ita.4 for ; Mon, 11 Dec 2017 05:30:23 -0800 (PST)
Date: Mon, 11 Dec 2017 07:30:19 -0600
From: Seth Forshee
To: Mimi Zohar
Cc: James Morris , linux-integrity , "Eric W. Biederman" , Dmitry Kasatkin , Sascha Hauer
Subject: Re: [PATCH] ima: define a new policy option named "force"
Message-ID: <20171211133019.GQ6244@ubuntu-hedt>
References: <1512756740.3846.3.camel@linux.vnet.ibm.com> <1512997978.3846.104.camel@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
In-Reply-To: <1512997978.3846.104.camel@linux.vnet.ibm.com>
Sender: linux-integrity-owner@vger.kernel.org
List-ID:

On Mon, Dec 11, 2017 at 08:12:58AM -0500, Mimi Zohar wrote:
> On Mon, 2017-12-11 at 09:07 +1100, James Morris wrote:
> > On Fri, 8 Dec 2017, Mimi Zohar wrote:
> >
> > > There are times instead of relying on previously cached status
> > > information we want to force the file to be re-measured, re-appraised,
> > > and re-audited.
> >
> > Can you give an example of when this would be needed?
>
> Up to Sascha Hauer's patch "ima: Use i_version only when filesystem
> supports it", which is queued to be upstreamed, the cached flags are
> reset only if the i_version changed, causing the file to be
> re-evaluated. After that patch, the cached flags are also reset if
> i_version is not enabled.
>
> That leaves the case where i_version is enabled for the filesystem,
> but the local kernel is not responsible for updating it. This patch
> is mainly for filesystems, where we can't trust the filesystem
> properly increments i_version.
>
> Eric/Seth, with Sascha's patch is this patch still needed for fuse
> filesystems?

I think so. With fuse the file data is being generated by a userspace
process, so the concern is that the process could change the file data
without the kernel's knowledge and IMA would still use the cached
result. And fuse is often mounted by unprivileged users.

It looks like Sascha's patch only addresses the issue for file data
changes that happen via the kernel and not for data which could change
outside of the kernel's knowledge.

Seth
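
The stale-cache case discussed in this thread, as an added example that is not part of the original message and is not the kernel's IMA code: a simplified user-space C model of a cached evaluation keyed on i_version. Every name in it (model_file, model_cache, model_evaluate, the force argument) is hypothetical, the file contents are constructed, and a toy FNV-1a checksum stands in for the file hash.

```c
/* Simplified user-space model of the caching discussed above; not kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct model_file {           /* hypothetical stand-in for a file on a mount */
    const char *data;         /* contents as currently served by the backend */
    uint64_t i_version;       /* change counter the cache relies on */
    bool has_iversion;        /* false: filesystem does not maintain i_version */
};
struct model_cache {          /* hypothetical stand-in for the cached status */
    bool valid;
    uint64_t seen_version;
    uint32_t digest;          /* toy checksum standing in for the file hash */
};

static uint32_t toy_digest(const char *s)   /* FNV-1a, illustration only */
{
    uint32_t h = 2166136261u;
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Returns true when the file was re-evaluated, false when the cache was reused. */
static bool model_evaluate(struct model_cache *c, const struct model_file *f, bool force)
{
    if (c->valid && !force && f->has_iversion && f->i_version == c->seen_version)
        return false;
    c->digest = toy_digest(f->data);
    c->seen_version = f->i_version;
    c->valid = true;
    return true;
}

/* Backend replaces the data without bumping i_version (constructed scenario).
 * Returns true if the cached digest no longer matches the file contents. */
static bool stale_after_silent_change(bool has_iversion, bool force)
{
    struct model_file f = { "original contents", 7, has_iversion };
    struct model_cache c = { false, 0, 0 };
    model_evaluate(&c, &f, force);
    f.data = "contents replaced by the userspace daemon";
    model_evaluate(&c, &f, force);
    return c.digest != toy_digest(f.data);
}

int main(void)
{
    printf("stale: i_version trusted=%d, no i_version=%d, force=%d\n",
           stale_after_silent_change(true, false),
           stale_after_silent_change(false, false),
           stale_after_silent_change(true, true));
    return 0;
}
```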