Re: [PATCH 1/2] ima: define ima_trusted_for hook

From: Mimi Zohar
Date: Wed Oct 13 2021 - 10:35:21 EST


On Wed, 2021-10-13 at 07:01 -0400, Mimi Zohar wrote:
> A major interpreter integrity gap exists which allows files read by
> the interpreter to be executed without measuring the file or verifying
> the file's signature.
>
> The kernel has no knowledge about the file being read by the interpreter.
> Only the interpreter knows the context (e.g. data, execute) and must be
> trusted to provide that information accurately.
>
> To close this integrity gap, define an ima_trusted_for hook to allow
> IMA to measure the file and verify the file's signature based on policy.
>
> Sample policy rules:
> measure func=TRUSTED_FOR_CHECK
> appraise func=TRUSTED_FOR_CHECK

To require file signatures, the policy rule should be:
appraise func=TRUSTED_FOR_CHECK appraise_type=imasig
>
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>