Re: [PATCH v7 4/5] IMA: Add support to limit measuring keys

From: Lakshmi Ramasubramanian
Date: Thu Nov 14 2019 - 13:18:49 EST

Next message: Steven Rostedt: "[for-next][PATCH 23/33] fgraph: Fix function type mismatches of ftrace_graph_return using ftrace_stub"
Previous message: Steven Rostedt: "[for-next][PATCH 27/33] tracing: Use generic type for comparator function"
In reply to: Mimi Zohar: "Re: [PATCH v7 4/5] IMA: Add support to limit measuring keys"
Next in thread: Lakshmi Ramasubramanian: "[PATCH v7 1/5] IMA: Add KEY_CHECK func to measure keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/14/2019 6:37 AM, Mimi Zohar wrote:

Keyrings may be created by userspace with any name (e.g. foo, foobar,
...). ÂA keyring name might be a subset of another keyring name. ÂFor
example, with the policy "keyrings=foobar", keys being loaded on "foo"
would also be measured. ÂUsing strstr() will not achieve what is
needed.

Mimi

Very good catch - I missed that :(

Will fix and send an update.

thanks,
-lakshmi

Next message: Steven Rostedt: "[for-next][PATCH 23/33] fgraph: Fix function type mismatches of ftrace_graph_return using ftrace_stub"
Previous message: Steven Rostedt: "[for-next][PATCH 27/33] tracing: Use generic type for comparator function"
In reply to: Mimi Zohar: "Re: [PATCH v7 4/5] IMA: Add support to limit measuring keys"
Next in thread: Lakshmi Ramasubramanian: "[PATCH v7 1/5] IMA: Add KEY_CHECK func to measure keys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]