public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Mimi Zohar <zohar@us.ibm.com>,
	serue@linux.vnet.ibm.com, Christoph Hellwig <hch@infradead.org>,
	James Morris <jmorris@namei.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Randy Dunlap <randy.dunlap@oracle.com>,
	safford@watson.ibm.com, sailer@watson.ibm.com,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH 3/4] integrity: Linux Integrity Module(LIM)
Date: Wed, 13 Aug 2008 13:03:36 -0400	[thread overview]
Message-ID: <1218647016.2987.26.camel@localhost.localdomain> (raw)
In-Reply-To: <20080811195645.GA16685@us.ibm.com>

On Mon, 2008-08-11 at 14:56 -0500, Serge E. Hallyn wrote: 
> Quoting Mimi Zohar (zohar@us.ibm.com):
> > serue@linux.vnet.ibm.com wrote on 08/11/2008 01:02:55 PM:
> > 
> > > Quoting Mimi Zohar (zohar@us.ibm.com):
> > > > Christoph Hellwig <hch@infradead.org> wrote on 08/09/2008 02:53:40 PM:
> > > > > >  int vfs_permission(struct nameidata *nd, int mask)
> > > > > >  {
> > > > > > -   return inode_permission(nd->path.dentry->d_inode, mask);
> > > > > > +   int retval;
> > > > > > +
> > > > > > +   retval = inode_permission(nd->path.dentry->d_inode, mask);
> > > > > > +   if (retval)
> > > > > > +      return retval;
> > > > > > +   return integrity_inode_permission(NULL, &nd->path,
> > > > > > +                 mask & (MAY_READ | MAY_WRITE |
> > > > > > +                    MAY_EXEC));
> > > > > >  }
> > > > > > 
> > > > > >  /**
> > > > > > @@ -306,7 +314,14 @@ int vfs_permission(struct nameidata *nd,
> > > > > >   */
> > > > > >  int file_permission(struct file *file, int mask)
> > > > > >  {
> > > > > > -   return inode_permission(file->f_path.dentry->d_inode, mask);
> > > > > > +   int retval;
> > > > > > +
> > > > > > +   retval = inode_permission(file->f_path.dentry->d_inode, mask);
> > > > > > +   if (retval)
> > > > > > +      return retval;
> > > > > > +   return integrity_inode_permission(file, NULL,
> > > > > > +                 mask & (MAY_READ | MAY_WRITE |
> > > > > > +                    MAY_EXEC));
> > > > > 
> > > > > Please put your hook into inode_permission.  Note that in inode
> > > > > permission and lots of callers there is no path available so don't 
> > pass
> > > > > it.  Please pass the full MAY_FOO mask for new interfaces and do
> > > > > filtering that won't break if new ones are introduced.
> > > > 
> > > > We started out with the integrity_inode_permission() hook call in 
> > > > inode_permission(), but because of the removal of the nameidata 
> > > > parameter in the last merge, based on discussions
> > > > http://marc.info/?l=linux-security-module&m=121797845308246&w=2,
> > > > the call to integrity_inode_permission() was moved up to the caller,
> > > > where either a file or path are available.  Any suggestions?
> > > 
> > > Mimi, can you explain exactly (and concisely) what you are doing with
> > > the pathname?
> > 
> > IMA maintains a list of hash values of system sensitive files loaded 
> > into the run-time of the system and extends a PCR with the hash value. 
> > In order to calculate this hash value, IMA requires access to either
> > the file or the path, which currently is not accessible in 
> > inode_permission().
> 
> So the usual question is, if I've done	
> 	ln -s /etc/shadow /tmp/shadow
> will IMA do the right thing if I'm opening /tmp/shadow?  Or will it only
> catch any writes I've done the next time someone (i.e. passwd) opens
> /etc/shadow?

It will measure the right thing, as the measurement is based on the dentry
contained within the file/path structures, not names.  File names in IMA 
are only used as a hint in the measurement hash list.

Mimi


  parent reply	other threads:[~2008-08-13 17:04 UTC|newest]

Thread overview: 47+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20080808184349.999902616@linux.vnet.ibm.com>
2008-08-08 18:55 ` [PATCH 1/4] integrity: TPM internel kernel interface Mimi Zohar
2008-08-09 18:46   ` Christoph Hellwig
2008-08-11 21:13     ` Mimi Zohar
2008-08-12 19:30       ` Christoph Hellwig
2008-08-12 20:57         ` Kenneth Goldman
2008-08-12 21:36           ` Alan Cox
2008-08-13 13:46             ` Kenneth Goldman
2008-08-13 13:40               ` Alan Cox
2008-08-13 14:45                 ` Christoph Hellwig
2008-08-13 16:39                 ` Kenneth Goldman
2008-08-12 23:16           ` Greg KH
2008-08-13 13:58             ` Kenneth Goldman
2008-08-13 16:56             ` Mimi Zohar
2008-08-14 11:12           ` Pavel Machek
2008-08-15 10:37             ` Peter Dolding
2008-08-15 18:50               ` Kenneth Goldman
2008-08-15 19:22                 ` Valdis.Kletnieks
2008-08-15 21:17                 ` Alan Cox
2008-08-18 15:01             ` Kenneth Goldman
2008-08-08 18:55 ` [PATCH 2/4] integrity: special fs magic Mimi Zohar
2008-08-08 19:04   ` Greg KH
2008-08-08 19:15     ` Greg KH
2008-08-08 19:50       ` Mimi Zohar
2008-08-08 23:07         ` Greg KH
2008-08-09 18:47       ` Christoph Hellwig
2008-08-10 13:48         ` Mimi Zohar
2008-08-08 19:36     ` Mimi Zohar
2008-08-08 23:15   ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar
2008-08-09 18:53   ` Christoph Hellwig
2008-08-10 13:52     ` Mimi Zohar
2008-08-11 17:02       ` Serge E. Hallyn
2008-08-11 19:08         ` Mimi Zohar
2008-08-11 19:56           ` Serge E. Hallyn
2008-08-12  8:41             ` Peter Dolding
2008-08-12 19:29               ` Christoph Hellwig
2008-08-13 10:44                 ` Peter Dolding
2008-08-13 14:11                   ` David Howells
2008-08-13 22:57                     ` Peter Dolding
2008-08-13 17:03             ` Mimi Zohar [this message]
2008-08-12 19:27         ` Christoph Hellwig
2008-08-12 21:19           ` Serge E. Hallyn
2008-08-13 17:03             ` Mimi Zohar
2008-08-12 19:25       ` Christoph Hellwig
2008-08-08 18:56 ` [PATCH 4/4] integrity: IMA as an integrity service provider Mimi Zohar
2008-08-08 20:06   ` Randy Dunlap
2008-10-07 18:00 [PATCH 0/4] integrity Mimi Zohar
2008-10-07 18:00 ` [PATCH 3/4] integrity: Linux Integrity Module(LIM) Mimi Zohar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1218647016.2987.26.camel@localhost.localdomain \
    --to=zohar@linux.vnet.ibm.com \
    --cc=hch@infradead.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=randy.dunlap@oracle.com \
    --cc=safford@watson.ibm.com \
    --cc=sailer@watson.ibm.com \
    --cc=sds@tycho.nsa.gov \
    --cc=serue@linux.vnet.ibm.com \
    --cc=serue@us.ibm.com \
    --cc=viro@ZenIV.linux.org.uk \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox