public inbox for linux-integrity@vger.kernel.org
* Re: ima: why IMA_APPRAISE_DIRECTORIES patch is not mainlined
       [not found] <CALUj-gtOL3wDoo=QC68zhnwOsnfBistA_X97WzWAu6_v5T-xWQ@mail.gmail.com>
@ 2018-07-05 15:16 ` Mimi Zohar
  2018-07-05 22:56   ` Dave Chinner
  0 siblings, 1 reply; 2+ messages in thread
From: Mimi Zohar @ 2018-07-05 15:16 UTC (permalink / raw)
  To: rishi gupta, zohar, dmitry.kasatkin
  Cc: linux-integrity, Dave Chinner, Theodore Y. Ts'o

[CC'ing Dave Chinner, Ted Tso]

Hi Rishi,

On Thu, 2018-07-05 at 16:08 +0530, rishi gupta wrote:
> Hi Dmitry and security team members,
> 
> I am willing to take the directory protection IMA patch into a commercial
> product, but observed that it has not been mainlined. Is there any reason
> for not mainlining it? Are there any better options for protecting
> directories using IMA/EVM or some other security schemes?
> 
> https://lwn.net/Articles/512364/
> https://kernel.googlesource.com/pub/scm/linux/kernel/git/kasatkin/linux-digsig/+/ima-dir-experimental/security/integrity/ima/ima_dir.c

The main purpose of the IMA-directory patch set is to protect file
names from offline attack.  Dmitry's patch set protects file names at
the immediate directory level, but does not extend up to the root
directory.  I brought up the topic of protecting file names at
LSF/MM[1].  Others in the community are aware of the problem and need
to be involved in the discussions as to how to address it.

[1] https://lwn.net/Articles/753276/

Mimi


* Re: ima: why IMA_APPRAISE_DIRECTORIES patch is not mainlined
  2018-07-05 15:16 ` ima: why IMA_APPRAISE_DIRECTORIES patch is not mainlined Mimi Zohar
@ 2018-07-05 22:56   ` Dave Chinner
  0 siblings, 0 replies; 2+ messages in thread
From: Dave Chinner @ 2018-07-05 22:56 UTC (permalink / raw)
  To: Mimi Zohar
  Cc: rishi gupta, zohar, dmitry.kasatkin, linux-integrity,
	Theodore Y. Ts'o

On Thu, Jul 05, 2018 at 11:16:38AM -0400, Mimi Zohar wrote:
> [CC'ing Dave Chinner, Ted Tso]
> 
> Hi Rishi,
> 
> On Thu, 2018-07-05 at 16:08 +0530, rishi gupta wrote:
> > Hi Dmitry and security team members,
> > 
> > I am willing to take the directory protection IMA patch into a commercial
> > product, but observed that it has not been mainlined. Is there any reason
> > for not mainlining it? Are there any better options for protecting
> > directories using IMA/EVM or some other security schemes?
> > 
> > https://lwn.net/Articles/512364/
> > https://kernel.googlesource.com/pub/scm/linux/kernel/git/kasatkin/linux-digsig/+/ima-dir-experimental/security/integrity/ima/ima_dir.c
> 
> The main purpose of the IMA-directory patch set is to protect file
> names from offline attack.  Dmitry's patch set protects file names at
> the immediate directory level, but does not extend up to the root
> directory.  I brought up the topic of protecting file names at
> LSF/MM[1].  Others in the community are aware of the problem and need
> to be involved in the discussions as to how to address it.

Probably best to take any discussion to the -fsdevel list. Verifying
directories are unchanged doesn't guarantee that access to
individual files is unchanged, though. Hardlinks can be made
from outside the verified directory and symlinks can cross
filesystem boundaries from outside verified filesystems...

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com

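Dave's hardlink and symlink caveat, as an added shell demonstration that is not part of the thread: a digest over a directory's entry names and inode numbers (a constructed stand-in for a directory-level integrity check, not the ima_dir.c implementation) stays the same while what those names reach changes, either through a hardlink created outside the directory or through a symlink whose target lives outside it.

```shell
#!/bin/sh
# Constructed demonstration. dir_digest() covers only what a directory
# itself stores: entry names and inode numbers. Link counts, file data
# and symlink targets are outside that scope.

dir_digest() {
    # Deterministic checksum of "inode name" lines for one directory.
    ls -i1 "$1" | sort | cksum | cut -d' ' -f1
}

# Case 1: a hardlink made outside the protected directory reaches the
# same inode, so the data behind a verified name changes while the
# directory's own entries do not.
demo_hardlink() {
    work=$(mktemp -d)
    mkdir "$work/protected"
    printf 'original\n' > "$work/protected/config"
    before=$(dir_digest "$work/protected")
    ln "$work/protected/config" "$work/alias"      # outside the directory
    printf 'modified\n' > "$work/alias"
    after=$(dir_digest "$work/protected")
    content=$(cat "$work/protected/config")
    rm -rf "$work"
    # success = listing digest unchanged AND content changed
    [ "$before" = "$after" ] && [ "$content" = "modified" ]
}

# Case 2: a symlink inside the protected directory resolves to a target
# outside it; replacing that target (new inode) changes what the verified
# name resolves to without touching the directory's entries.
demo_symlink() {
    work=$(mktemp -d)
    mkdir "$work/protected" "$work/elsewhere"
    printf 'v1\n' > "$work/elsewhere/target"
    ln -s "$work/elsewhere/target" "$work/protected/link"
    before=$(dir_digest "$work/protected")
    rm "$work/elsewhere/target"
    printf 'v2\n' > "$work/elsewhere/target"      # fresh inode, same path
    after=$(dir_digest "$work/protected")
    resolved=$(cat "$work/protected/link")
    rm -rf "$work"
    [ "$before" = "$after" ] && [ "$resolved" = "v2" ]
}

# Stand-alone run: report both cases.
demo_hardlink && echo "hardlink: listing digest unchanged, data changed"
demo_symlink && echo "symlink: listing digest unchanged, target replaced"
```

Both cases succeed on any local filesystem, which is the gap a directory-only check leaves for per-file appraisal to cover.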
