From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
Tyler Hicks <tyhicks@linux.microsoft.com>,
Casey Schaufler <casey@schaufler-ca.com>
Cc: stephen.smalley.work@gmail.com, sashal@kernel.org,
jmorris@namei.org, linux-integrity@vger.kernel.org,
selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 0/4] LSM: Measure security module data
Date: Wed, 5 Aug 2020 10:25:41 -0700 [thread overview]
Message-ID: <9ad079ff-1bd4-1302-e6fb-25a7396ef12f@linux.microsoft.com> (raw)
In-Reply-To: <69810007161e689ac817099fb1c6df21962963e4.camel@linux.ibm.com>
On 8/5/20 10:03 AM, Mimi Zohar wrote:
> On Wed, 2020-08-05 at 10:45 -0500, Tyler Hicks wrote:
>
>> In addition to SELINUX_STATE and SELINUX_POLICY, we should also consider
>> the proposed LSM_STATE and LSM_POLICY func values but require an "lsm"
>> rule conditional.
>>
>> So the current proposed rules:
>>
>> measure func=LSM_STATE
>> measure func=LSM_POLICY
>>
>> Would become:
>>
>> measure func=LSM_STATE lsm=selinux
>> measure func=LSM_POLICY lsm=selinux
>>
>> The following rules would be rejected:
>>
>> measure func=LSM_STATE
>> measure func=LSM_POLICY
>> measure func=LSM_STATE lsm=apparmor
>> measure func=LSM_POLICY lsm=smack
>
> Kees is cleaning up the firmware code which differentiated between how
> firmware was loaded. There will be a single firmware enumeration.
>
> Similarly, the new IMA hook to measure critical state may be placed in
> multiple places. Is there really a need from a policy perspective for
> differentiating the source of the critical state being measurind? The
> data being measured should include some identifying information.
Yes Mimi - SELinux is including the identifying information in the
"event name" field. Please see a sample measurement of STATE and POLICY
for SELinux below:
10 e32e...5ac3 ima-buf sha256:86e8...4594
selinux-state-1595389364:287899386
696e697469616c697a65643d313b656e61626c65643d313b656e666f7263696e673d303b636865636b72657170726f743d313b6e6574776f726b5f706565725f636f6e74726f6c733d313b6f70656e5f7065726d733d313b657874656e6465645f736f636b65745f636c6173733d313b616c776179735f636865636b5f6e6574776f726b3d303b6367726f75705f7365636c6162656c3d313b6e6e705f6e6f737569645f7472616e736974696f6e3d313b67656e66735f7365636c6162656c5f73796d6c696e6b733d303
10 f4a7...9408 ima-ng sha256:8d1d...1834
selinux-policy-hash-1595389353:863934271
>
> I think moving away from the idea that measuring "critical" data should
> be limited to LSMs, will clarify this.
>
Are you suggesting that instead of calling the hooks LSM_STATE and
LSM_POLICY, we should keep it more generic so that it can be utilized by
any subsystem to measure their "critical data"?
I think that is a good idea.
-lakshmi
next prev parent reply other threads:[~2020-08-05 17:26 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-05 0:43 [PATCH v6 0/4] LSM: Measure security module data Lakshmi Ramasubramanian
2020-08-05 0:43 ` [PATCH v6 1/4] IMA: Add func to measure LSM state and policy Lakshmi Ramasubramanian
2020-08-05 3:25 ` Mimi Zohar
2020-08-05 12:46 ` Stephen Smalley
2020-08-05 12:56 ` Mimi Zohar
2020-08-05 13:03 ` Stephen Smalley
2020-08-05 13:19 ` Mimi Zohar
2020-08-05 14:27 ` Stephen Smalley
2020-08-05 15:07 ` Tyler Hicks
2020-08-05 15:43 ` Stephen Smalley
2020-08-05 16:45 ` John Johansen
2020-08-05 15:17 ` Mimi Zohar
2020-08-05 0:43 ` [PATCH v6 2/4] IMA: Define IMA hooks " Lakshmi Ramasubramanian
2020-08-05 0:43 ` [PATCH v6 3/4] LSM: Define SELinux function to measure " Lakshmi Ramasubramanian
2020-08-05 0:43 ` [PATCH v6 4/4] IMA: Handle early boot data measurement Lakshmi Ramasubramanian
2020-08-05 1:04 ` [PATCH v6 0/4] LSM: Measure security module data Casey Schaufler
2020-08-05 1:14 ` Lakshmi Ramasubramanian
2020-08-05 15:36 ` Casey Schaufler
2020-08-05 15:45 ` Tyler Hicks
2020-08-05 16:07 ` Lakshmi Ramasubramanian
2020-08-05 16:14 ` Tyler Hicks
2020-08-05 16:21 ` Lakshmi Ramasubramanian
2020-08-05 16:32 ` Tyler Hicks
2020-08-05 17:31 ` Casey Schaufler
2020-08-05 17:03 ` Mimi Zohar
2020-08-05 17:25 ` Lakshmi Ramasubramanian [this message]
2020-08-05 17:57 ` Casey Schaufler
2020-08-05 18:08 ` Lakshmi Ramasubramanian
2020-08-05 18:25 ` Casey Schaufler
2020-08-12 20:37 ` Lakshmi Ramasubramanian
2020-08-05 12:37 ` Mimi Zohar
2020-08-05 12:00 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9ad079ff-1bd4-1302-e6fb-25a7396ef12f@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tyhicks@linux.microsoft.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).