Re: [PATCH] IMA: Minimal IMA policy and boot param for TCB IMApolicy

From: James Morris
Date: Thu May 21 2009 - 19:33:22 EST

Next message: Joe Perches: "Re: [PATCH 2/3] arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c: UseDO_ONCE & spelling fix"
Previous message: Joe Perches: "Re: [PATCH 1/3] kernel.h: Add DO_ONCE statement expression macro"
In reply to: Mimi Zohar: "Re: [PATCH] IMA: Minimal IMA policy and boot param for TCB IMApolicy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 21 May 2009, Eric Paris wrote:

> The IMA TCB policy is dangerous. A normal use can use all of a system's
> memory (which cannot be freed) simply by building and running lots of
> executables. The TCB policy is also nearly useless because logging in as root
> often causes a policy violation when dealing with utmp, thus rendering the
> measurements meaningless.

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe Perches: "Re: [PATCH 2/3] arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c: UseDO_ONCE & spelling fix"
Previous message: Joe Perches: "Re: [PATCH 1/3] kernel.h: Add DO_ONCE statement expression macro"
In reply to: Mimi Zohar: "Re: [PATCH] IMA: Minimal IMA policy and boot param for TCB IMApolicy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]