From mboxrd@z Thu Jan 1 00:00:00 1970 From: serge@hallyn.com (Serge E. Hallyn) Date: Wed, 31 May 2017 10:35:49 -0500 Subject: [RFC 0/3] WhiteEgret LSM module In-Reply-To: <0e0aa575-263a-893a-7ade-f2dc7ce679c2@schaufler-ca.com> References: <20170530111157.5196-1-masanobu2.koike@toshiba.co.jp> <20170530205002.GA9841@srcf.ucam.org> <0e0aa575-263a-893a-7ade-f2dc7ce679c2@schaufler-ca.com> Message-ID: <20170531153549.GB31189@mail.hallyn.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org Quoting Casey Schaufler (casey at schaufler-ca.com): > > > On 5/31/2017 3:59 AM, Peter Dolding wrote: > > ... > > > > Like you see here in Australian government policy there is another > > thing called whitelisted. > > https://www.asd.gov.au/publications/protect/top_4_mitigations_linux.htm > > Matthew Garrett you might want to call IMA whitelisting Australian > > government for one does not agree. IMA is signed. The difference > > between signed and white-listed is you might have signed a lot more > > than what a particular system is white-listed to allowed used. > > > To be clear, I'm all for a security module to support this policy. > As the explicit requirement is for a whitelist, as opposed to allowing > for a properly configured system*, you can't use any of the existing > technologies to meet it. This kind of thing** is why we have a LSM > infrastructure. > > Unfortunately, the implementation proposed has very serious issues. > You can't do access control from userspace. You can't count on > identifying programs strictly by pathname. It's much more complicated > than it needs to be for the task. > > Suggestion: > > Create an security module that looks for the attribute > > security.WHITELISTED Bonus, you can have EVM verify the validity of these xattrs, and IMA verify the interity of the file itself. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html