From: Seiji Munetoh on
On Thu, Jul 8, 2010 at 10:14 PM, Mimi Zohar <zohar(a)linux.vnet.ibm.com> wrote:
> On Tue, 2010-07-06 at 17:08 +0200, Roberto Sassu wrote:
>> This patch modifies the default policy shipped with IMA, in order to avoid measurements
>> of files in the initial ramdisk. Those files can be measured early in the boot process
>> by the bootloader.
>> The patch applies to the latest version of the mainline kernel 2.6.35-rc4.
>
> Yes, the initramfs measurements are therefore redundant, as they're
> already included in the initramfs measurement, but perhaps, as the
> number of initramfs is very limited and the individual file measurements
> supply additional information, it wouldn't hurt to keep the individual
> file measurements as well. These measurements could potentially help in
> identifying initramfs changes.
>
> Would appreciate other opinions before accepting this change.

The hash value of the initramfs is unstable since it was generated
at the time of kernel installation.
So I still want to check the individual files used in the initramfs.

regards,
--
Seiji



>
> thanks,
>
> Mimi
>
>> Signed-off-by: Roberto Sassu <roberto.sassu(a)polito.it>
>> ---
>>  security/integrity/ima/ima_policy.c |    1 +
>>  1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
>> index aef8c0a..92d8d0e 100644
>> --- a/security/integrity/ima/ima_policy.c
>> +++ b/security/integrity/ima/ima_policy.c
>> @@ -64,6 +64,7 @@ static struct ima_measure_rule_entry default_rules[] = {
>> � � � {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
>> � � � {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
>> � � � {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
>> + � � {.action = DONT_MEASURE,.fsmagic = RAMFS_MAGIC,.flags = IMA_FSMAGIC},
>> � � � {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
>> � � � �.flags = IMA_FUNC | IMA_MASK},
>> � � � {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
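Review bot: the added DONT_MEASURE rule keys on RAMFS_MAGIC, which matches every ramfs superblock rather than only the initial ramdisk named in the description, so any ramfs mounted later in boot or by an administrator also stops being measured; the commit message should state that scope, or the rule should be narrowed if only rootfs is intended. Given the disagreement in this thread over whether initramfs files should still be measured, consider making the exclusion a Kconfig or policy option rather than an unconditional default. Placement itself is consistent with the existing IMA_FSMAGIC DONT_MEASURE entries, which precede the MEASURE rules.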
>
>
>
> _______________________________________________
> Linux-ima-user mailing list
> Linux-ima-user(a)lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/linux-ima-user
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Seiji Munetoh on
On Wed, Jul 14, 2010 at 2:42 PM, Shaz <shazalive(a)gmail.com> wrote:
>
>
> On Wed, Jul 14, 2010 at 3:08 AM, Seiji Munetoh <seiji.munetoh(a)gmail.com>
> wrote:
>>
>> On Thu, Jul 8, 2010 at 10:14 PM, Mimi Zohar <zohar(a)linux.vnet.ibm.com>
>> wrote:
>> > On Tue, 2010-07-06 at 17:08 +0200, Roberto Sassu wrote:
>> >> This patch modifies the default policy shipped with IMA, in order to
>> >> avoid measurements of files in the initial ramdisk. Those files can be
>> >> measured early in the boot process by the bootloader.
>> >> The patch applies to the latest version of the mainline kernel 2.6.35-rc4.
>> >
>> > Yes, the initramfs measurements are therefore redundant, as they're
>> > already included in the initramfs measurement, but perhaps, as the
>> > number of initramfs is very limited and the individual file measurements
>> > supply additional information, it wouldn't hurt to keep the individual
>> > file measurements as well. These measurements could potentially help in
>> > identifying initramfs changes.
>> >
>> > Would appreciate other opinions before accepting this change.
>>
>> The hash value of the initramfs is unstable since it was generated
>> at the time of kernel installation.
>> So I still want to check the individual files used in the initramfs.
>
> If the initrd is measured by the boot loader then changes to individual files should
> not be measured as this IS redundant. Use the new hash of the initrd as an
> integrity metric. Why would this not be enough?

This depends on the remote verifier.
Creating the initramfs is a client-side task and the hash value of the initramfs
will vary for each client.

For me, validation of the current measurements is easier than validation of the
initramfs. And it seems the overhead of this redundancy is less painful.

But some systems can validate (or trust) the initramfs measured by the IPL.
So, I would suggest adding a Kconfig option to change the default policy.

IMHO, if the event log contained fsmagic information for each measurement,
the verifier could skip the validation of RAMFS measurements easily.

--
Seiji
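As an added illustration of the verifier-side trade-off discussed in this thread (example code, not from the thread or from IMA itself): a small replay of an IMA ascii_runtime_measurements list over constructed sample entries, checking each file against a known-good hash and optionally skipping the initramfs entries when the bootloader's whole-image measurement is trusted. The classic 'ima' template layout (20-byte digest followed by a NUL-padded 256-byte name) and the path set used to tell initramfs entries apart are assumptions, since the log on this kernel carries no fsmagic.

```python
import hashlib

# Constructed stand-ins for file contents; every hash below is derived from these, none is real.
INITRAMFS_FILES = {"/init": b"#!/bin/sh\n", "/bin/busybox": b"busybox-1.16"}
ROOTFS_FILES = {"/sbin/init": b"sysvinit-2.88", "/bin/bash": b"bash-4.1"}

def template_hash(filedata: bytes, path: str) -> bytes:
    # Assumed 'ima' template layout: sha1(digest[20] || file_name[256], NUL padded).
    return hashlib.sha1(filedata + path.encode()[:255].ljust(256, b"\0")).digest()

def make_log(files):
    """Emit ascii_runtime_measurements-style lines: 'PCR template-hash ima file-hash path'."""
    lines = []
    for path, content in files.items():
        fh = hashlib.sha1(content).digest()
        lines.append(f"10 {template_hash(fh, path).hex()} ima {fh.hex()} {path}")
    return lines

def parse(lines):
    for line in lines:
        pcr, th, tmpl, fh, path = line.split(" ", 4)
        yield int(pcr), bytes.fromhex(th), tmpl, bytes.fromhex(fh), path

def replay_pcr10(lines):
    """Recompute PCR-10 from the log: PCR = sha1(PCR || template_hash) for each event."""
    pcr = b"\0" * 20
    for _, th, *_ in parse(lines):
        pcr = hashlib.sha1(pcr + th).digest()
    return pcr

def verify(lines, reference, initramfs_paths, trust_ipl_for_initramfs):
    """Return the paths that fail validation.  reference maps path -> known-good hex
    hash; initramfs_paths is the verifier's own list of initial-ramdisk files (assumed:
    the log carries no fsmagic, so the verifier must bring this along); with
    trust_ipl_for_initramfs those entries are skipped in favour of the bootloader's image hash."""
    failures = []
    for _, th, _, fh, path in parse(lines):
        if th != template_hash(fh, path):
            failures.append(path)  # entry's own fields do not reproduce its template hash
        elif path in initramfs_paths and trust_ipl_for_initramfs:
            continue
        elif reference.get(path) != fh.hex():
            failures.append(path)
    return failures

REFERENCE = {p: hashlib.sha1(c).hexdigest() for p, c in {**INITRAMFS_FILES, **ROOTFS_FILES}.items()}
GOOD_LOG = make_log({**INITRAMFS_FILES, **ROOTFS_FILES})
# Same boot, but one initramfs file replaced: constructed to show what each verifier mode sees.
TAMPERED_LOG = make_log({**INITRAMFS_FILES, "/bin/busybox": b"busybox-modified", **ROOTFS_FILES})
```

Calling verify(TAMPERED_LOG, REFERENCE, set(INITRAMFS_FILES), False) reports the changed busybox, while the same call with trust_ipl_for_initramfs=True reports nothing; the replayed PCR-10 differs between the two logs either way.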